This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET | CVE-2025-21171 | .NET Remote Code Execution Vulnerability |
Microsoft | .NET | CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
Microsoft | .NET and Visual Studio | CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability |
Microsoft | .NET, .NET Framework, Visual Studio | CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
Microsoft | Active Directory Domain Services | CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability |
Microsoft | Active Directory Federation Services | CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability |
Microsoft | Azure Marketplace SaaS Resources | CVE-2025-21380 | Azure Marketplace SaaS Resources Information Disclosure Vulnerability |
Microsoft | BranchCache | CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability |
Microsoft | Internet Explorer | CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability |
Microsoft | IP Helper | CVE-2025-21231 | IP Helper Denial of Service Vulnerability |
Microsoft | Line Printer Daemon Service (LPD) | CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
secalert@redhat.com | Mariner | CVE-2023-40550 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-3727 | Unknown |
cve@mitre.org | Mariner | CVE-2017-17522 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-35786 | Unknown |
secure@intel.com | Mariner | CVE-2019-14584 | Unknown |
security@hashicorp.com | Mariner | CVE-2024-6104 | Unknown |
cve@mitre.org | Mariner | CVE-2019-20907 | Unknown |
security@apache.org | Mariner | CVE-2024-52338 | Unknown |
cve@mitre.org | Mariner | CVE-2007-4559 | Unknown |
security@golang.org | Mariner | CVE-2023-45288 | Unknown |
cve@mitre.org | Mariner | CVE-2017-18207 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40548 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40549 | Unknown |
secalert@redhat.com | Mariner | CVE-2021-20286 | Unknown |
security@golang.org | Mariner | CVE-2022-32149 | Unknown |
cve@mitre.org | Mariner | CVE-2019-9674 | Unknown |
secalert@redhat.com | Mariner | CVE-2019-3816 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46758 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-35795 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46757 | Unknown |
cve@mitre.org | Mariner | CVE-2024-53580 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-9355 | Unknown |
cve@kernel.org | Mariner | CVE-2024-26929 | Unknown |
cna@python.org | Mariner | CVE-2024-11168 | Unknown |
cna@python.org | Mariner | CVE-2024-12254 | Unknown |
secalert@redhat.com | Mariner | CVE-2022-32746 | Unknown |
secalert@redhat.com | Mariner | CVE-2021-20277 | Unknown |
secalert@redhat.com | Mariner | CVE-2019-3833 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49967 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46756 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-10041 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-45310 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2023-52663 | Unknown |
security@golang.org | Mariner | CVE-2024-45337 | Unknown |
security@golang.org | Mariner | CVE-2024-45338 | Unknown |
cve@mitre.org | Mariner | CVE-2024-37535 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-32020 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-32465 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-10963 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-34062 | Unknown |
report@snyk.io | Mariner | CVE-2021-23336 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-32021 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-7383 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-1393 | Unknown |
secalert@redhat.com | Mariner | CVE-2020-27840 | Unknown |
security@ubuntu.com | Mariner | CVE-2022-28737 | Unknown |
cve@mitre.org | Mariner | CVE-2022-40898 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40546 | Unknown |
Microsoft | Microsoft AutoUpdate (MAU) | CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
Microsoft | Microsoft Azure Gateway Manager | CVE-2025-21403 | On-Premises Data Gateway Information Disclosure Vulnerability |
Microsoft | Microsoft Brokering File System | CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
Microsoft | Microsoft Brokering File System | CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
Microsoft | Microsoft Digest Authentication | CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0291 | Chromium: CVE-2025-0291 Type Confusion in V8 |
Microsoft | Microsoft Graphics Component | CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office | CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office | CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Access | CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Access | CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Access | CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office OneNote | CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Outlook | CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Outlook for Mac | CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Visio | CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Visio | CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Word | CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft | Microsoft Purview | CVE-2025-21385 | Microsoft Purview Information Disclosure Vulnerability |
Microsoft | Microsoft Windows Search Component | CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability |
Microsoft | Power Automate | CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability |
Microsoft | Reliable Multicast Transport Driver (RMCAST) | CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
GitHub | Visual Studio | CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager |
Microsoft | Visual Studio | CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability |
Microsoft | Visual Studio | CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability |
Microsoft | Windows BitLocker | CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability |
Microsoft | Windows BitLocker | CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability |
Microsoft | Windows Boot Loader | CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability |
Microsoft | Windows Boot Manager | CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability |
Microsoft | Windows Client-Side Caching (CSC) Service | CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability |
Microsoft | Windows Client-Side Caching (CSC) Service | CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft | Windows COM | CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability |
Microsoft | Windows COM | CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability |
Microsoft | Windows COM | CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability |
Microsoft | Windows Connected Devices Platform Service | CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Direct Show | CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability |
Microsoft | Windows DWM Core Library | CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
Microsoft | Windows Event Tracing | CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability |
Microsoft | Windows Geolocation Service | CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability |
Microsoft | Windows Hello | CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability |
Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Kerberos | CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability |
Microsoft | Windows Kerberos | CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability |
Microsoft | Windows Kerberos | CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability |
Microsoft | Windows NTLM | CVE-2025-21217 | Windows NTLM Spoofing Vulnerability |
Microsoft | Windows NTLM | CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability |
Microsoft | Windows OLE | CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability |
Microsoft | Windows PrintWorkflowUserSvc | CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
Microsoft | Windows PrintWorkflowUserSvc | CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
Microsoft | Windows Recovery Environment Agent | CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
CERT CC | Windows Secure Boot | CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass |
Microsoft | Windows Security Account Manager | CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
Microsoft | Windows Smart Card | CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability |
Microsoft | Windows SmartScreen | CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability |
Microsoft | Windows SPNEGO Extended Negotiation | CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Themes | CVE-2025-21308 | Windows Themes Spoofing Vulnerability |
Microsoft | Windows UPnP Device Host | CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability |
Microsoft | Windows UPnP Device Host | CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability |
Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability |
Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
Microsoft | Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
Microsoft | Windows Web Threat Defense User Service | CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability |
Microsoft | Windows Win32K - GRFX | CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability |
Microsoft | Windows WLAN Auto Config Service | CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-50338
MITRE NVD Issuing CNA: GitHub |
CVE Title: GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:6.4
Executive Summary: None FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-50338 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-50338 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21411
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21411 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21411 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21413
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21413 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21413 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21171
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that a user trigger the payload in the application. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21171 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
.NET 9.0 installed on Mac OS | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
.NET 9.0 installed on Windows | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21171 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21210
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.2/TemporalScore:3.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of unencrypted hibernation images in cleartext. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an attacker needs repeated physical access to the victim machine's hard disk. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21210 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21210 | Maxim Suhanov with CICADA8 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21214
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.2/TemporalScore:3.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Bitlocker Key. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts by swapping virtual hard disks. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21214 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21214 | Maxim Suhanov with CICADA8 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21215
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.6/TemporalScore:4.0
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21215 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21215 | Maxim Suhanov with CICADA8 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21233
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21233 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21233 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21234
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21234 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21234 | Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21235
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21235 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21235 | Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21236
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21236 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21236 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21237
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21237 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21237 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21239
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21239 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21239 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21241
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21241 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21241 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21242
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.2
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21242 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21242 | Asna Farooqui |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21243
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21243 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21243 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21244
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21244 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21244 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21248
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21248 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21248 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21249
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21249 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21249 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21251
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21251 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21251 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21252
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21252 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21252 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21255
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21255 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21255 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21257
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21257 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21257 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21258
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21258 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21258 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21260
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21260 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21260 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21263
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21263 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21263 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21265
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB device. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21265 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21265 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21266
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21266 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21266 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21268
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.9
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21268 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21268 | George Hughey |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21269
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows HTML Platforms Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it. The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21269 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21269 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21270
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21270 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21270 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21271
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21271 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
CVE ID | Acknowledgements |
CVE-2025-21271 | RanchoIce |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21272
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows COM Server Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could get unauthorized access to sensitive user data outside of the AppContainer execution environment. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21272 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21272 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21277
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21277 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21277 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21280
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? A successful exploitation of this vulnerability via a medium integrity level exploit could allow an attacker to gain unauthorized access to system-level resources, potentially modify kernel memory, and execute arbitrary code with kernel-level privileges. This could lead to a full compromise of the system’s integrity, confidentiality, and availability. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21280 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21280 | HongZhenhao with TianGong Team of Legendsec at Qi'anxin Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21281
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft COM for Windows Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21281 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21281 | Zhang WangJunJie, He YiSheng with Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21282
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21282 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21282 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21284
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. According to the CVSS metric, successful exploitation of this vulnerability could lead to a total loss of availability (A:H). What does that mean for this vulnerability? If an attacker was able to successfully exploit the vulnerability the attack might result in a total loss of availability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21284 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21284 | HongZhenhao with TianGong Team of Legendsec at Qi'anxin Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21285
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21285 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21285 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21288
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows COM Server Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21288 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21288 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21289
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21289 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21289 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21290
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21290 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21290 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21291
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Direct Show Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution. How could an attacker exploit the vulnerability? An attacker could exploit the vulnerability by controlling subsequent memory allocation after a double free error occurs. This could potentially allow the attacker to execute arbitrary code, leading to remote code execution. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21291 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
CVE ID | Acknowledgements |
CVE-2025-21291 | Mozilla |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21293
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21293 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21293 | Sebastian Sadeq Birke with ReTest Security ApS |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21294
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Digest Authentication Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system which requires digest authentication, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21294 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21294 | Yuki Chen |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21295
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to manipulate system operations in a specific manner. How could an attacker exploit the vulnerability? An attacker who successful exploited this vulnerability could achieve remote code execution without user interaction. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21295 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21295 | Yuki Chen |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21296
MITRE NVD Issuing CNA: Microsoft |
CVE Title: BranchCache Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21296 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21296 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21297
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21297 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21297 | VictorV(Tang tianwen) with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21298
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows OLE Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: How could an attacker exploit the vulnerability? In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's Outlook application displaying a preview of a specially crafted email . This could result in the attacker executing remote code on the victim's machine. What is OLE? Object Linking and Embedding (OLE) is a technology that allows embedding and linking to documents and other objects. For more information please visit: Object Linking and Embedding (OLE) Data Structures Mitigations: None Workarounds: Use Microsoft Outlook to reduce the risk of users opening RTF Files from unknown or untrusted sources To help protect against this vulnerability, we recommend users read email messages in plain text format. For guidance on how to configure Microsoft Outlook to read all standard mail in plain text, please refer to Read email messages in plain text. Impact of workaround: Email messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. In addition, the following behavior may be experienced:
Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21298 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21298 | Jmini, Rotiple, D4m0n with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21299
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Windows Defender Credential Guard Feature to leak Kerberos Credential. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21299 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21299 | Ceri Coburn with NetSPI |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21301
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Geolocation Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21301 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21301 | André Schoorl and Bruno Pereira Vidal Bruno Pereira Vidal |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21302
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21302 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21302 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21303
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21303 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21303 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21304
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could an attacker gain with a successful exploitation? An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21304 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
CVE ID | Acknowledgements |
CVE-2025-21304 | Varun Goel |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21306
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21306 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21306 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21309
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21309 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21309 | VictorV(Tang tianwen) with Kunlun Lab k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21314
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows SmartScreen Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to send the victim a malicious file that the victim would have to execute. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21314 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Spoofing | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21314 | Haifei Li with Check Point Research Eric Lawrence with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21315
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code at a higher integrity level than that of the AppContainer execution environment. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21315 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21315 | hazard |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21316
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. **Are there any further steps I need to take to be protected from this vulnerability? Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version. Customers whose systems are configured to receive automatic updates do not need to take any further action. Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order? SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21316 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21316 | Yarden Shafir |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21318
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21318 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21318 | Yarden Shafir |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21319
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. **Are there any further steps I need to take to be protected from this vulnerability? Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version. Customers whose systems are configured to receive automatic updates do not need to take any further action. Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order? SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21319 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21319 | Yarden Shafir |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21320
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. **Are there any further steps I need to take to be protected from this vulnerability? Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version. Customers whose systems are configured to receive automatic updates do not need to take any further action. Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order? SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21320 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21320 | Yarden Shafir |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21321
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21321 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21321 | Yarden Shafir |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21327
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21327 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21327 | Adel and Benjamin Rodes |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21176
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21176 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 8.0 installed on Linux | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
.NET 8.0 installed on Mac OS | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
.NET 8.0 installed on Windows | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
.NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
.NET 9.0 installed on Mac OS | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
.NET 9.0 installed on Windows | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems | 5049622 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems | 5049622 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) | 5049620 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 4.8.04775.02 |
Maybe | None | |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 4.8.04775.02 |
Maybe | None | |
Microsoft .NET Framework 4.8 on Windows Server 2012 | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21176 | goodbyeselene |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21178
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21178 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21178 | goodbyeselene |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21173
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that a user trigger the payload in the application. According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21173 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 8.0 installed on Linux | 5050525 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
.NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21173 | Noah Gilson with Microsoft Daniel Plaisted with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21341
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21341 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21341 | Adel and Benjamin Rodes |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
CVE-2025-21344
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21344 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002672 (Security Update) 5002671 (Security Update) |
Important | Remote Code Execution | 5002659 5002544 |
Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002666 (Security Update) 5002667 (Security Update) |
Important | Remote Code Execution | 5002657 5002664 |
Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.10416.20041 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002676 (Security Update) | Important | Remote Code Execution | 5002658 | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.17928.20356 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21344 | zcgonvh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21345
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21345 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2025-21345 | c0d3nh4ck with Zscaler's ThreatLabz |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21346
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target systems. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21346 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2016 (32-bit edition) | 5002675 (Security Update) 5002595 (Security Update) |
Important | Security Feature Bypass | 5002661 5002197 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 16.0.5483.1000 |
Maybe | None |
Microsoft Office 2016 (64-bit edition) | 5002675 (Security Update) 5002595 (Security Update) |
Important | Security Feature Bypass | 5002661 5002197 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 16.0.5483.1000 |
Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2025-21346 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21348
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server. How could an attacker exploit the vulnerability? An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21348 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002672 (Security Update) 5002671 (Security Update) |
Important | Remote Code Execution | 5002659 5002544 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002666 (Security Update) 5002667 (Security Update) |
Important | Remote Code Execution | 5002657 5002664 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10416.20041 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002676 (Security Update) | Important | Remote Code Execution | 5002658 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17928.20356 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21348 | zcgonvh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21356
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21356 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2025-21356 | Li Shuang and willJ with Vulnerability Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21357
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H) and privileges required are low (PR:L). What does that mean for this vulnerability? An attacker must gain access to the victim user's Microsoft Outlook account by compromising or stealing their login credential and then install a malicious form prior to exploiting the vulnerability successfully. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user needs to be tricked into opening malicious files. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21357 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Outlook 2016 (32-bit edition) | 5002656 (Security Update) | Important | Remote Code Execution | 5002626 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1000 | Maybe | None |
Microsoft Outlook 2016 (64-bit edition) | 5002656 (Security Update) | Important | Remote Code Execution | 5002626 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1000 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21357 | Arnold Osipov with Morphisec Michael Gorelik with Morphisec SeungYun LEE with bObffice (BOB13th) JunHyuk Im with bObffice (BOB13th) Kiyeon Jeong with bObffice (BOB13th) JongGeon KIM with bObffice (BOB13th) Jeongmin Choi with bObffice (BOB13th) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
CVE-2025-21363
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21363 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
CVE ID | Acknowledgements |
CVE-2025-21363 | Jmini, Rotiple, D4m0n with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21364
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21364 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2025-21364 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21365
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21365 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2025-21365 | Seungyun LEE with bObffice(BOB 13th) Jeongmin Choi with bObffice(BOB 13th) Junhyuk IM with bObffice(BOB 13th) JongGeon KIM with bObffice(BOB 13th) Kiyeon Jeong with bObffice(BOB 13th) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21366
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How does the update protect against this vulnerability? The update blocks potentially malicious extensions from being sent in an email. Which types of extensions are blocked? The following extensions which will be blocked:
Is there any notification indicating an email contained a blocked extension? The email recipient will get a notification that there was an attachment but it cannot be accessed. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21366 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Access 2016 (32-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft Access 2016 (64-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2025-21366 | Unpatched.ai |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21382
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21382 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21382 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21219
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21219 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21219 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-7344
MITRE NVD Issuing CNA: CERT CC |
CVE Title: Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: This CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-7344 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2024-7344 | Martin Smolar, ESET |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21389
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows upnphost.dll Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21389 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21389 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21393
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.3/TemporalScore:5.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to the target site as at least a Site Member. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21393 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft SharePoint Enterprise Server 2016 | 5002672 (Security Update) 5002671 (Security Update) |
Important | Spoofing | 5002659 5002544 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002666 (Security Update) 5002667 (Security Update) |
Important | Spoofing | 5002657 5002664 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.10416.20041 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002676 (Security Update) | Important | Spoofing | 5002658 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.17928.20356 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21393 | Felix Boulet |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21395
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How does the update protect against this vulnerability? The update blocks potentially malicious extensions from being sent in an email. Which types of extensions are blocked? The following extensions which will be blocked:
Is there any notification indicating an email contained a blocked extension? The email recipient will get a notification that there was an attachment but it cannot be accessed. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21395 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Access 2016 (32-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft Access 2016 (64-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2025-21395 | Unpatched.ai |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
CVE-2025-21403
MITRE NVD Issuing CNA: Microsoft |
CVE Title: On-Premises Data Gateway Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.4/TemporalScore:5.9
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the data contained in the targeted PowerBI dashboard. The scope of PowerBI data which could be accessed is dependent on the privileges of compromised user. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the victim user to login or authenticate to the target environment. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. What actions do customers need to take to protect themselves from this vulnerability? Only customers who have configured a SAP HANA data source to use single sign-on (SSO) are affected and must update their On-Premises Data Gateway to protect against this vulnerability. More information regarding SSO for On-Premises Data Gateways can be found here: Overview of single sign-on for on-premises data gateways in Power BI Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21403 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
On-Premises Data Gateway | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.4 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RC:C |
3000.246 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21403 | Kian Gorgichuk Kian Gorgichuk |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21217
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows NTLM Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21217 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Spoofing | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Spoofing | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Spoofing | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21217 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21405
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21405 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21405 | Polar Penguin ycdxsb |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21278
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.2/TemporalScore:5.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21278 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21278 | Anonymous SkorikARI VictorV(Tang tianwen) with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21329
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21329 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21329 | George Hughey with MSRC Vulnerabilities & Mitigations George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21328
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21328 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21328 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21330
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21330 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21330 | ʌ!ↄ⊥ojv with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21220
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21220 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21220 | Bastian Kanbach with SSE - Secure Systems Engineering GmbH |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21335
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2025-21335 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21335 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21193
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Active Directory Federation Server Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21193 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Spoofing | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21193 | Adrien Scholler with Holiseum |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21207
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21207 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21207 | CSIRT MON Eduardo Berlanga (seqode) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21202
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.1/TemporalScore:5.3
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an attacker needs physical access to the victim's machine. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21202 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21202 | Maxim Suhanov with CICADA8 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21186
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How does the update protect against this vulnerability? The update blocks potentially malicious extensions from being sent in an email. Which types of extensions are blocked? The following extensions which will be blocked:
Is there any notification indicating an email contained a blocked extension? The email recipient will get a notification that there was an attachment but it cannot be accessed. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21186 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Access 2016 (32-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft Access 2016 (64-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
CVE ID | Acknowledgements |
CVE-2025-21186 | Unpatched.ai |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21211
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21211 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21211 | Zammis Clark |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21213
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.6/TemporalScore:4.0
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21213 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21213 | Zammis Clark |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21224
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: The following mitigating factors might be helpful in your situation:
Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21224 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21224 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21225
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.2
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21225 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21225 | VictorV(Tang tianwen) with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21226
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21226 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21226 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21227
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB device. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21227 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21227 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21228
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB device. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21228 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21228 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21229
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21229 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21229 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21230
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21230 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21230 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21231
MITRE NVD Issuing CNA: Microsoft |
CVE Title: IP Helper Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability? As an authenticated user, the attacker could send a specially crafted string of data over the network, causing the application to crash. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21231 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21231 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21232
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21232 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21232 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21256
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21256 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21256 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21261
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21261 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21261 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21189
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.9
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21189 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21189 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21273
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21273 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21273 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21274
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Event Tracing Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21274 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21274 | Filip Dragović |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21275
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows App Package Installer Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21275 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21275 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21276
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MapUrlToZone Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21276 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Denial of Service | 5048699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Denial of Service | 5048699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048735 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048735 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21276 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21286
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21286 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21286 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21287
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.2
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21287 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21287 | JaGoTu with DCIT, a.s. |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21292
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Search Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21292 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21292 | Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21300
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows upnphost.dll Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21300 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21300 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21305
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21305 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21305 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21307
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. Mitigations: The following mitigating factors might be helpful in your situation: This vulnerability is only exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable. PGM does not authenticate requests so it is recommended to protect access to any open ports at the network level (e.g. with a firewall). It is not recommended to expose a PGM receiver to the public internet. Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21307 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21307 | Kyle Westhaus with Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21308
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Themes Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file. Mitigations: Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation:
References:
Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21308 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21308 | Blaz Satler with 0patch by ACROS Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21310
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21310 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21310 | Adel and Benjamin Rodes |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21312
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Smart Card Reader Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:2.4/TemporalScore:2.1
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21312 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 2.4 Temporal: 2.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
CVE ID | Acknowledgements |
CVE-2025-21312 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21317
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21317 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21317 | Yarden Shafir |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21323
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21323 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21323 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21172
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET and Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21172 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 8.0 installed on Linux | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
.NET 8.0 installed on Mac OS | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
.NET 8.0 installed on Windows | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
.NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
.NET 9.0 installed on Mac OS | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
.NET 9.0 installed on Windows | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21172 | goodbyeselene |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21324
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21324 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21324 | Adel from MSRC V&M |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21331
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation of this vulnerability by an attacker requires a user to first reboot their machine. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21331 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
CVE ID | Acknowledgements |
CVE-2025-21331 | Simon Zuckerbraun of Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21336
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cryptographic Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.6/TemporalScore:4.9
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to carefully time their actions to exploit the timing differences in the execution of specific operations. They must accurately measure these timing variations to infer sensitive information or gain unauthorized access. This often involves sophisticated techniques to manipulate and observe the timing behavior of the target system. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploited this vulnerability could potentially execute a cross-VM attack, thereby compromising multiple virtual machines and expanding the impact of the attack beyond the initially targeted VM. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of encrypted PKCS1 information. An attacker could read the contents of encrypted PKCS1 information from a user mode process. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21336 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21336 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21338
MITRE NVD Issuing CNA: Microsoft |
CVE Title: GDI+ Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21338 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Office for Android | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.18429.20000 | Maybe | None |
Microsoft Office for iOS | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.93.24123014 | Maybe | None |
Microsoft Office for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
Microsoft Office for Universal | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.14326.22175 | Maybe | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21338 | Li Shuang and willJ with vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21339
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21339 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21339 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21340
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21340 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21340 | Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21343
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. How could an attacker exploit this vulnerability? An attacker who successfully exploited this vulnerability could capture screenshots of another user’s session, crossing the user-session boundary. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21343 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21343 | Australian Signals Directorate Australian Signals Directorate |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
CVE-2025-21360
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.1
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21360 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft AutoUpdate for Mac | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
4.76 | Yes | None |
CVE ID | Acknowledgements |
CVE-2025-21360 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
CVE-2025-21361
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.1
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? The attacker would be able to bypass the protection in Outlook that prevents a potentially dangerous file extension from being attached enabling a remote code execution. Which version of Outlook for Mac does this affect? This vulnerability only affects the Legacy version of Outlook for Mac which is described in this documentation: Outlook for Mac. Customers who have enabled the new Outlook experience are not affected. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Is the Attachment Preview Pane an attack vector for this vulnerability? Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21361 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
Microsoft Outlook for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21361 | Shubh Sidhu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21370
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges would an attacker gain by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could potentially leak data from the target enclave or execute code within the context of the target enclave. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21370 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21370 | Alex Ionescu, working for Winsider Seminars & Solutions, Inc. |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21372
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21372 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21372 | hazard |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21374
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CSC Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an out of bounds read in the caller's address space memory. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21374 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21374 | Mukyoung Kwak, Seongheun Hong, Jaeseok Bae, Inkyu Yang, Jiwon Jang, Seoyun Cho with Best of the Best 13th Team MSRC Gasan |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21378
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CSC Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21378 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21378 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
CVE-2025-21402
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office OneNote Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21402 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
Microsoft OneNote for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.92.24120731 | Yes | None |
CVE ID | Acknowledgements |
CVE-2025-21402 | Shubh Sidhu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21218
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could use a specially crafted application to leverage a protocol vulnerability in Windows Kerberos to perform a denial of service attack against the target. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21218 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21218 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21380
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Marketplace SaaS Resources Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.9
Executive Summary: Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0 09-Jan-25 Information published. |
Critical | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21380 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Marketplace SaaS | Critical | Information Disclosure | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2025-21380 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21385
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Purview Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0 09-Jan-25 Information published. |
Critical | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21385 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Purview | Critical | Information Disclosure | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2025-21385 | Tzah Pahima |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21313
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: How could an attacker exploit the vulnerability? An authenticated attacker could make specially crafted API calls that lead to a Denial of Service. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21313 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21313 | Internal with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21332
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21332 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21332 | George Hughey with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21326
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Internet Explorer Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21326 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21326 | Quan Jin with DBAPPSecurity WeBin Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21311
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows NTLM V1 Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability? The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component. Mitigations: Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation: Set the LmCompatabilityLvl to its maximum value (5) for all machines. This will prevent the usage of the older NTLMv1 protocol, while still allowing NTLMv2. Please see Network security: LAN Manager authentication level for more information. Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21311 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Elevation of Privilege | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Elevation of Privilege | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Elevation of Privilege | 5048653 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Critical | Elevation of Privilege | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Elevation of Privilege | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21311 | Dylan Bickerstaff with below average |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21333
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2025-21333 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21333 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21334
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2025-21334 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21334 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21246
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21246 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21246 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21417
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21417 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21417 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21250
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21250 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21250 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21240
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21240 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21240 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21238
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21238 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21238 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21223
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21223 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21223 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21409
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21409 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21409 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21245
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21245 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21245 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2022-32149
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Nov-23 Information published. 1.1 24-Jan-24 Added sriov-network-device-plugin to CBL-Mariner 2.0 1.2 30-Jun-24 Information published. 1.3 29-Aug-24 Information published. 1.4 30-Aug-24 Information published. 1.5 31-Aug-24 Information published. 1.6 01-Sep-24 Information published. 1.7 02-Sep-24 Information published. 1.8 03-Sep-24 Information published. 1.9 05-Sep-24 Information published. 2.0 06-Sep-24 Information published. 2.1 07-Sep-24 Information published. 2.2 08-Sep-24 Information published. 2.3 11-Sep-24 Information published. 2.4 13-Sep-24 Information published. 2.5 19-Sep-24 Information published. 2.6 20-Sep-24 Information published. 2.7 21-Sep-24 Information published. 2.8 22-Sep-24 Information published. 2.9 23-Sep-24 Information published. 3.0 24-Sep-24 Information published. 3.1 25-Sep-24 Information published. 3.2 26-Sep-24 Information published. 3.3 27-Sep-24 Information published. 3.4 28-Sep-24 Information published. 3.5 29-Sep-24 Information published. 3.6 30-Sep-24 Information published. 3.7 01-Oct-24 Information published. 3.8 02-Oct-24 Information published. 3.9 03-Oct-24 Information published. 4.0 04-Oct-24 Information published. 4.1 05-Oct-24 Information published. 4.2 06-Oct-24 Information published. 4.3 07-Oct-24 Information published. 4.4 08-Oct-24 Information published. 4.5 09-Oct-24 Information published. 4.6 11-Oct-24 Information published. 4.7 12-Oct-24 Information published. 4.8 13-Oct-24 Information published. 4.9 14-Oct-24 Information published. 5.0 15-Oct-24 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.1 16-Oct-24 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.2 17-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.3 18-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.4 19-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.5 20-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.6 21-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.7 22-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.8 23-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 5.9 24-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.0 25-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.1 26-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.2 27-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.3 28-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.4 29-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.5 30-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.6 31-Oct-24 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.7 01-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.8 02-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 6.9 04-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.0 05-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.1 06-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.2 07-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.3 08-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.4 09-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.5 10-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.6 11-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.7 12-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.8 13-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 7.9 14-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.0 15-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.1 16-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.2 17-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.3 18-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.4 19-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.5 20-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.6 21-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.7 23-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.8 24-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 8.9 25-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.0 26-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.1 27-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.2 28-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.3 29-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.4 30-Nov-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.5 01-Dec-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.6 02-Dec-24 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.7 03-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.8 04-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 9.9 05-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.0 07-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.1 08-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.2 09-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.3 10-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.4 11-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.5 12-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.6 13-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.7 14-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.8 15-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 10.9 16-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.0 17-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.1 18-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.2 19-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.3 20-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.4 21-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.5 22-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.6 23-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.7 24-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.8 25-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 11.9 26-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.0 27-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.1 28-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.2 29-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.3 30-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.4 31-Dec-24 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.5 01-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.6 02-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.7 03-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.8 04-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 12.9 05-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.0 06-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.1 07-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.2 08-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.3 09-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.4 10-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.5 11-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.6 12-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 13.7 13-Jan-25 Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added gh to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added cni to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-32149 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | cni (CBL-Mariner) keda (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.1.2-3 2.14.0-1 1.2.0-1 4.0.2-1 |
None | ||
Azure Linux 3.0 x64 | cni (CBL-Mariner) keda (CBL-Mariner) kubevirt (CBL-Mariner) multus (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.1.2-3 2.14.0-1 1.2.0-1 4.0.2-1 |
None | ||
CBL Mariner 2.0 ARM | application-gateway-kubernetes-ingress (CBL-Mariner) cf-cli (CBL-Mariner) containerized-data-importer (CBL-Mariner) gh (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.4.0-22 8.4.0-21 1.55.0-20 2.13.0-22 |
None | ||
CBL Mariner 2.0 x64 | application-gateway-kubernetes-ingress (CBL-Mariner) cf-cli (CBL-Mariner) containerized-data-importer (CBL-Mariner) gh (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.4.0-22 8.4.0-21 1.55.0-20 2.13.0-22 |
None |
CVE ID | Acknowledgements |
CVE-2022-32149 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2019-9674
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-20 Information published. 1.6 30-Jun-24 Information published. 1.7 08-Jul-24 Information published. 1.8 09-Jul-24 Information published. 1.9 10-Jul-24 Information published. 2.0 12-Jul-24 Information published. 2.1 13-Jul-24 Information published. 2.2 14-Jul-24 Information published. 2.3 15-Jul-24 Information published. 2.4 16-Jul-24 Information published. 2.5 17-Jul-24 Information published. 2.6 19-Jul-24 Information published. 2.7 20-Jul-24 Information published. 2.8 21-Jul-24 Information published. 2.9 22-Jul-24 Information published. 3.0 23-Jul-24 Information published. 3.1 24-Jul-24 Information published. 3.2 25-Jul-24 Information published. 3.3 26-Jul-24 Information published. 3.4 27-Jul-24 Information published. 3.5 28-Jul-24 Information published. 3.6 29-Jul-24 Information published. 3.7 02-Aug-24 Information published. 3.8 03-Aug-24 Information published. 3.9 04-Aug-24 Information published. 4.0 05-Aug-24 Information published. 4.1 06-Aug-24 Information published. 4.2 07-Aug-24 Information published. 4.3 08-Aug-24 Information published. 4.4 09-Aug-24 Information published. 4.5 10-Aug-24 Information published. 4.6 11-Aug-24 Information published. 4.7 12-Aug-24 Information published. 4.8 15-Aug-24 Information published. 4.9 16-Aug-24 Information published. 5.0 17-Aug-24 Information published. 5.1 18-Aug-24 Information published. 5.2 19-Aug-24 Information published. 5.3 20-Aug-24 Information published. 5.4 21-Aug-24 Information published. 5.5 22-Aug-24 Information published. 5.6 23-Aug-24 Information published. 5.7 24-Aug-24 Information published. 5.8 25-Aug-24 Information published. 5.9 26-Aug-24 Information published. 6.0 27-Aug-24 Information published. 6.1 28-Aug-24 Information published. 6.2 29-Aug-24 Information published. 6.3 30-Aug-24 Information published. 6.4 31-Aug-24 Information published. 6.5 01-Sep-24 Information published. 6.6 02-Sep-24 Information published. 6.7 03-Sep-24 Information published. 6.8 05-Sep-24 Information published. 6.9 06-Sep-24 Information published. 7.0 07-Sep-24 Information published. 7.1 08-Sep-24 Information published. 7.2 11-Sep-24 Information published. 7.3 12-Sep-24 Information published. 7.4 13-Sep-24 Information published. 7.5 14-Sep-24 Information published. 7.6 15-Sep-24 Information published. 7.7 16-Sep-24 Information published. 7.8 17-Sep-24 Information published. 7.9 18-Sep-24 Information published. 8.0 19-Sep-24 Information published. 8.1 20-Sep-24 Information published. 8.2 21-Sep-24 Information published. 8.3 22-Sep-24 Information published. 8.4 23-Sep-24 Information published. 8.5 24-Sep-24 Information published. 8.6 25-Sep-24 Information published. 8.7 26-Sep-24 Information published. 8.8 27-Sep-24 Information published. 8.9 28-Sep-24 Information published. 9.0 29-Sep-24 Information published. 9.1 30-Sep-24 Information published. 9.2 01-Oct-24 Information published. 9.3 02-Oct-24 Information published. 9.4 03-Oct-24 Information published. 9.5 04-Oct-24 Information published. 9.6 05-Oct-24 Information published. 9.7 06-Oct-24 Information published. 9.8 07-Oct-24 Information published. 9.9 08-Oct-24 Information published. 10.0 09-Oct-24 Information published. 10.1 10-Oct-24 Information published. 10.2 11-Oct-24 Information published. 10.3 12-Oct-24 Information published. 10.4 13-Oct-24 Information published. 10.5 14-Oct-24 Information published. 10.6 15-Oct-24 Added python2 to CBL-Mariner 1.0 10.7 16-Oct-24 Added python2 to CBL-Mariner 1.0 10.8 17-Oct-24 Added python2 to CBL-Mariner 1.0 10.9 18-Oct-24 Added python2 to CBL-Mariner 1.0 11.0 19-Oct-24 Added python2 to CBL-Mariner 1.0 11.1 20-Oct-24 Added python2 to CBL-Mariner 1.0 11.2 21-Oct-24 Added python2 to CBL-Mariner 1.0 11.3 22-Oct-24 Added python2 to CBL-Mariner 1.0 11.4 23-Oct-24 Added python2 to CBL-Mariner 1.0 11.5 24-Oct-24 Added python2 to CBL-Mariner 1.0 11.6 25-Oct-24 Added python2 to CBL-Mariner 1.0 11.7 26-Oct-24 Added python2 to CBL-Mariner 1.0 11.8 27-Oct-24 Added python2 to CBL-Mariner 1.0 11.9 28-Oct-24 Added python2 to CBL-Mariner 1.0 12.0 29-Oct-24 Added python2 to CBL-Mariner 1.0 12.1 30-Oct-24 Added python2 to CBL-Mariner 1.0 12.2 31-Oct-24 Added python2 to CBL-Mariner 1.0 12.3 01-Nov-24 Added python2 to CBL-Mariner 1.0 12.4 02-Nov-24 Added python2 to CBL-Mariner 1.0 12.5 04-Nov-24 Added python2 to CBL-Mariner 1.0 12.6 05-Nov-24 Added python2 to CBL-Mariner 1.0 12.7 06-Nov-24 Added python2 to CBL-Mariner 1.0 12.8 07-Nov-24 Added python2 to CBL-Mariner 1.0 12.9 08-Nov-24 Added python2 to CBL-Mariner 1.0 13.0 09-Nov-24 Added python2 to CBL-Mariner 1.0 13.1 10-Nov-24 Added python2 to CBL-Mariner 1.0 13.2 11-Nov-24 Added python2 to CBL-Mariner 1.0 13.3 12-Nov-24 Added python2 to CBL-Mariner 1.0 13.4 13-Nov-24 Added python2 to CBL-Mariner 1.0 13.5 14-Nov-24 Added python2 to CBL-Mariner 1.0 13.6 15-Nov-24 Added python2 to CBL-Mariner 1.0 13.7 16-Nov-24 Added python2 to CBL-Mariner 1.0 13.8 17-Nov-24 Added python2 to CBL-Mariner 1.0 13.9 18-Nov-24 Added python2 to CBL-Mariner 1.0 14.0 19-Nov-24 Added python2 to CBL-Mariner 1.0 14.1 20-Nov-24 Added python2 to CBL-Mariner 1.0 14.2 21-Nov-24 Added python2 to CBL-Mariner 1.0 14.3 23-Nov-24 Added python2 to CBL-Mariner 1.0 14.4 24-Nov-24 Added python2 to CBL-Mariner 1.0 14.5 25-Nov-24 Added python2 to CBL-Mariner 1.0 14.6 26-Nov-24 Added python2 to CBL-Mariner 1.0 14.7 27-Nov-24 Added python2 to CBL-Mariner 1.0 14.8 28-Nov-24 Added python2 to CBL-Mariner 1.0 14.9 29-Nov-24 Added python2 to CBL-Mariner 1.0 15.0 30-Nov-24 Added python2 to CBL-Mariner 1.0 15.1 01-Dec-24 Added python2 to CBL-Mariner 1.0 15.2 02-Dec-24 Added python2 to CBL-Mariner 1.0 15.3 03-Dec-24 Added python2 to CBL-Mariner 1.0 15.4 04-Dec-24 Added python2 to CBL-Mariner 1.0 15.5 05-Dec-24 Added python2 to CBL-Mariner 1.0 15.6 07-Dec-24 Added python2 to CBL-Mariner 1.0 15.7 08-Dec-24 Added python2 to CBL-Mariner 1.0 15.8 09-Dec-24 Added python2 to CBL-Mariner 1.0 15.9 10-Dec-24 Added python2 to CBL-Mariner 1.0 16.0 11-Dec-24 Added python2 to CBL-Mariner 1.0 16.1 12-Dec-24 Added python2 to CBL-Mariner 1.0 16.2 13-Dec-24 Added python2 to CBL-Mariner 1.0 16.3 14-Dec-24 Added python2 to CBL-Mariner 1.0 16.4 15-Dec-24 Added python2 to CBL-Mariner 1.0 16.5 16-Dec-24 Added python2 to CBL-Mariner 1.0 16.6 17-Dec-24 Added python2 to CBL-Mariner 1.0 16.7 18-Dec-24 Added python2 to CBL-Mariner 1.0 16.8 19-Dec-24 Added python2 to CBL-Mariner 1.0 16.9 20-Dec-24 Added python2 to CBL-Mariner 1.0 17.0 21-Dec-24 Added python2 to CBL-Mariner 1.0 17.1 22-Dec-24 Added python2 to CBL-Mariner 1.0 17.2 23-Dec-24 Added python2 to CBL-Mariner 1.0 17.3 24-Dec-24 Added python2 to CBL-Mariner 1.0 17.4 25-Dec-24 Added python2 to CBL-Mariner 1.0 17.5 26-Dec-24 Added python2 to CBL-Mariner 1.0 17.6 27-Dec-24 Added python2 to CBL-Mariner 1.0 17.7 28-Dec-24 Added python2 to CBL-Mariner 1.0 17.8 29-Dec-24 Added python2 to CBL-Mariner 1.0 17.9 30-Dec-24 Added python2 to CBL-Mariner 1.0 18.0 31-Dec-24 Added python2 to CBL-Mariner 1.0 18.1 01-Jan-25 Added python2 to CBL-Mariner 1.0 18.2 02-Jan-25 Added python2 to CBL-Mariner 1.0 18.3 03-Jan-25 Added python2 to CBL-Mariner 1.0 18.4 04-Jan-25 Added python2 to CBL-Mariner 1.0 18.5 05-Jan-25 Added python2 to CBL-Mariner 1.0 18.6 06-Jan-25 Added python2 to CBL-Mariner 1.0 18.7 07-Jan-25 Added python2 to CBL-Mariner 1.0 18.8 08-Jan-25 Added python2 to CBL-Mariner 1.0 18.9 09-Jan-25 Added python2 to CBL-Mariner 1.0 19.0 10-Jan-25 Added python2 to CBL-Mariner 1.0 19.1 11-Jan-25 Added python2 to CBL-Mariner 1.0 19.2 12-Jan-25 Added python2 to CBL-Mariner 1.0 19.3 13-Jan-25 Added python2 to CBL-Mariner 1.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2019-9674 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.7.18-5 | Unknown | None |
CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.7.18-5 | Unknown | None |
CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2019-9674 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2021-20286
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:2.7/TemporalScore:2.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 19-Jan-22 Information published. 1.1 29-Aug-24 Information published. 1.2 30-Aug-24 Information published. 1.3 31-Aug-24 Information published. 1.4 01-Sep-24 Information published. 1.5 02-Sep-24 Information published. 1.6 03-Sep-24 Information published. 1.7 05-Sep-24 Information published. 1.8 06-Sep-24 Information published. 1.9 07-Sep-24 Information published. 2.0 08-Sep-24 Information published. 2.1 11-Sep-24 Information published. 2.2 12-Sep-24 Information published. 2.3 13-Sep-24 Information published. 2.4 14-Sep-24 Information published. 2.5 15-Sep-24 Information published. 2.6 16-Sep-24 Information published. 2.7 17-Sep-24 Information published. 2.8 18-Sep-24 Information published. 2.9 19-Sep-24 Information published. 3.0 20-Sep-24 Information published. 3.1 21-Sep-24 Information published. 3.2 22-Sep-24 Information published. 3.3 23-Sep-24 Information published. 3.4 24-Sep-24 Information published. 3.5 25-Sep-24 Information published. 3.6 26-Sep-24 Information published. 3.7 27-Sep-24 Information published. 3.8 28-Sep-24 Information published. 3.9 29-Sep-24 Information published. 4.0 30-Sep-24 Information published. 4.1 01-Oct-24 Information published. 4.2 02-Oct-24 Information published. 4.3 03-Oct-24 Information published. 4.4 04-Oct-24 Information published. 4.5 05-Oct-24 Information published. 4.6 06-Oct-24 Information published. 4.7 07-Oct-24 Information published. 4.8 09-Oct-24 Information published. 4.9 10-Oct-24 Information published. 5.0 11-Oct-24 Information published. 5.1 12-Oct-24 Information published. 5.2 13-Oct-24 Information published. 5.3 14-Oct-24 Information published. 5.4 15-Oct-24 Added libnbd to CBL-Mariner 2.0 5.5 16-Oct-24 Added libnbd to CBL-Mariner 2.0 5.6 17-Oct-24 Added libnbd to CBL-Mariner 2.0 5.7 18-Oct-24 Added libnbd to CBL-Mariner 2.0 5.8 19-Oct-24 Added libnbd to CBL-Mariner 2.0 5.9 20-Oct-24 Added libnbd to CBL-Mariner 2.0 6.0 21-Oct-24 Added libnbd to CBL-Mariner 2.0 6.1 22-Oct-24 Added libnbd to CBL-Mariner 2.0 6.2 23-Oct-24 Added libnbd to CBL-Mariner 2.0 6.3 24-Oct-24 Added libnbd to CBL-Mariner 2.0 6.4 25-Oct-24 Added libnbd to CBL-Mariner 2.0 6.5 26-Oct-24 Added libnbd to CBL-Mariner 2.0 6.6 27-Oct-24 Added libnbd to CBL-Mariner 2.0 6.7 28-Oct-24 Added libnbd to CBL-Mariner 2.0 6.8 29-Oct-24 Added libnbd to CBL-Mariner 2.0 6.9 30-Oct-24 Added libnbd to CBL-Mariner 2.0 7.0 31-Oct-24 Added libnbd to CBL-Mariner 2.0 7.1 01-Nov-24 Added libnbd to CBL-Mariner 2.0 7.2 02-Nov-24 Added libnbd to CBL-Mariner 2.0 7.3 04-Nov-24 Added libnbd to CBL-Mariner 2.0 7.4 05-Nov-24 Added libnbd to CBL-Mariner 2.0 7.5 06-Nov-24 Added libnbd to CBL-Mariner 2.0 7.6 07-Nov-24 Added libnbd to CBL-Mariner 2.0 7.7 08-Nov-24 Added libnbd to CBL-Mariner 2.0 7.8 09-Nov-24 Added libnbd to CBL-Mariner 2.0 7.9 10-Nov-24 Added libnbd to CBL-Mariner 2.0 8.0 11-Nov-24 Added libnbd to CBL-Mariner 2.0 8.1 12-Nov-24 Added libnbd to CBL-Mariner 2.0 8.2 13-Nov-24 Added libnbd to CBL-Mariner 2.0 8.3 14-Nov-24 Added libnbd to CBL-Mariner 2.0 8.4 15-Nov-24 Added libnbd to CBL-Mariner 2.0 8.5 16-Nov-24 Added libnbd to CBL-Mariner 2.0 8.6 17-Nov-24 Added libnbd to CBL-Mariner 2.0 8.7 18-Nov-24 Added libnbd to CBL-Mariner 2.0 8.8 19-Nov-24 Added libnbd to CBL-Mariner 2.0 8.9 20-Nov-24 Added libnbd to CBL-Mariner 2.0 9.0 21-Nov-24 Added libnbd to CBL-Mariner 2.0 9.1 23-Nov-24 Added libnbd to CBL-Mariner 2.0 9.2 24-Nov-24 Added libnbd to CBL-Mariner 2.0 9.3 25-Nov-24 Added libnbd to CBL-Mariner 2.0 9.4 26-Nov-24 Added libnbd to CBL-Mariner 2.0 9.5 27-Nov-24 Added libnbd to CBL-Mariner 2.0 9.6 28-Nov-24 Added libnbd to CBL-Mariner 2.0 9.7 29-Nov-24 Added libnbd to CBL-Mariner 2.0 9.8 30-Nov-24 Added libnbd to CBL-Mariner 2.0 9.9 01-Dec-24 Added libnbd to CBL-Mariner 2.0 10.0 02-Dec-24 Added libnbd to CBL-Mariner 2.0 10.1 03-Dec-24 Added libnbd to CBL-Mariner 2.0 10.2 04-Dec-24 Added libnbd to CBL-Mariner 2.0 10.3 05-Dec-24 Added libnbd to CBL-Mariner 2.0 10.4 07-Dec-24 Added libnbd to CBL-Mariner 2.0 10.5 08-Dec-24 Added libnbd to CBL-Mariner 2.0 10.6 09-Dec-24 Added libnbd to CBL-Mariner 2.0 10.7 10-Dec-24 Added libnbd to CBL-Mariner 2.0 10.8 11-Dec-24 Added libnbd to CBL-Mariner 2.0 10.9 12-Dec-24 Added libnbd to CBL-Mariner 2.0 11.0 13-Dec-24 Added libnbd to CBL-Mariner 2.0 11.1 14-Dec-24 Added libnbd to CBL-Mariner 2.0 11.2 15-Dec-24 Added libnbd to CBL-Mariner 2.0 11.3 16-Dec-24 Added libnbd to CBL-Mariner 2.0 11.4 17-Dec-24 Added libnbd to CBL-Mariner 2.0 11.5 18-Dec-24 Added libnbd to CBL-Mariner 2.0 11.6 19-Dec-24 Added libnbd to CBL-Mariner 2.0 11.7 20-Dec-24 Added libnbd to CBL-Mariner 2.0 11.8 21-Dec-24 Added libnbd to CBL-Mariner 2.0 11.9 22-Dec-24 Added libnbd to CBL-Mariner 2.0 12.0 23-Dec-24 Added libnbd to CBL-Mariner 2.0 12.1 24-Dec-24 Added libnbd to CBL-Mariner 2.0 12.2 25-Dec-24 Added libnbd to CBL-Mariner 2.0 12.3 26-Dec-24 Added libnbd to CBL-Mariner 2.0 12.4 27-Dec-24 Added libnbd to CBL-Mariner 2.0 12.5 28-Dec-24 Added libnbd to CBL-Mariner 2.0 12.6 29-Dec-24 Added libnbd to CBL-Mariner 2.0 12.7 30-Dec-24 Added libnbd to CBL-Mariner 2.0 12.8 31-Dec-24 Added libnbd to CBL-Mariner 2.0 12.9 01-Jan-25 Added libnbd to CBL-Mariner 2.0 13.0 02-Jan-25 Added libnbd to CBL-Mariner 2.0 13.1 03-Jan-25 Added libnbd to CBL-Mariner 2.0 13.2 04-Jan-25 Added libnbd to CBL-Mariner 2.0 13.3 05-Jan-25 Added libnbd to CBL-Mariner 2.0 13.4 06-Jan-25 Added libnbd to CBL-Mariner 2.0 13.5 07-Jan-25 Added libnbd to CBL-Mariner 2.0 13.6 08-Jan-25 Added libnbd to CBL-Mariner 2.0 13.7 09-Jan-25 Added libnbd to CBL-Mariner 2.0 13.8 10-Jan-25 Added libnbd to CBL-Mariner 2.0 13.9 11-Jan-25 Added libnbd to CBL-Mariner 2.0 14.0 12-Jan-25 Added libnbd to CBL-Mariner 2.0 14.1 13-Jan-25 Added libnbd to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-20286 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 2.7 Temporal: 2.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 2.7 Temporal: 2.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | libnbd (CBL-Mariner) | Unknown | Unknown | None | Base: 2.7 Temporal: 2.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L |
1.12.1-1 | Unknown | None |
CBL Mariner 2.0 x64 | libnbd (CBL-Mariner) | Unknown | Unknown | None | Base: 2.7 Temporal: 2.7 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L |
1.12.1-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2021-20286 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2023-40548
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:7.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.1 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.2 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.3 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.4 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.5 11-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.6 12-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.7 13-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.8 14-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.9 15-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.0 16-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.1 17-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.2 18-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.3 19-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.4 20-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.5 21-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.6 22-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.7 23-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.8 24-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.9 25-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.0 26-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.1 27-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.2 28-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.3 29-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.4 30-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.5 31-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.6 01-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.7 02-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.8 03-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.9 04-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.0 05-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.1 06-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.2 07-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.3 08-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.4 09-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.5 10-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.6 11-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.7 12-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.8 13-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-40548 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.8-3 | None | ||
Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.8-3 | None | ||
CBL Mariner 2.0 ARM | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.8-1 | None | ||
CBL Mariner 2.0 x64 | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.8-1 | None |
CVE ID | Acknowledgements |
CVE-2023-40548 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2023-40549
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.1 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.2 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.3 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.4 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.5 11-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.6 12-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.7 13-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.8 14-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.9 15-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.0 16-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.1 17-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.2 18-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.3 19-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.4 20-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.5 21-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.6 22-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.7 23-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.8 24-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.9 25-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.0 26-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.1 27-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.2 28-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.3 29-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.4 30-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.5 31-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.6 01-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.7 02-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.8 03-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.9 04-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.0 05-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.1 06-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.2 07-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.3 08-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.4 09-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.5 10-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.6 11-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.7 12-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.8 13-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-40549 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-3 | None | ||
Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-3 | None | ||
CBL Mariner 2.0 ARM | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-1 | None | ||
CBL Mariner 2.0 x64 | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-1 | None |
CVE ID | Acknowledgements |
CVE-2023-40549 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2019-3816
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 02-Apr-24 Information published. 1.6 30-Jun-24 Information published. 1.1 02-Jul-24 Information published. 1.2 03-Jul-24 Information published. 1.3 04-Jul-24 Information published. 1.4 05-Jul-24 Information published. 1.5 06-Jul-24 Information published. 1.7 08-Jul-24 Information published. 1.8 09-Jul-24 Information published. 1.9 10-Jul-24 Information published. 2.0 12-Jul-24 Information published. 2.1 13-Jul-24 Information published. 2.2 14-Jul-24 Information published. 2.3 15-Jul-24 Information published. 2.4 16-Jul-24 Information published. 2.5 17-Jul-24 Information published. 2.6 19-Jul-24 Information published. 2.7 20-Jul-24 Information published. 2.8 21-Jul-24 Information published. 2.9 22-Jul-24 Information published. 3.0 23-Jul-24 Information published. 3.1 24-Jul-24 Information published. 3.2 25-Jul-24 Information published. 3.3 26-Jul-24 Information published. 3.4 27-Jul-24 Information published. 3.5 28-Jul-24 Information published. 3.6 29-Jul-24 Information published. 3.7 02-Aug-24 Information published. 3.8 03-Aug-24 Information published. 3.9 04-Aug-24 Information published. 4.0 05-Aug-24 Information published. 4.1 06-Aug-24 Information published. 4.2 07-Aug-24 Information published. 4.3 08-Aug-24 Information published. 4.4 09-Aug-24 Information published. 4.5 10-Aug-24 Information published. 4.6 11-Aug-24 Information published. 4.7 12-Aug-24 Information published. 4.8 16-Aug-24 Information published. 4.9 17-Aug-24 Information published. 5.0 18-Aug-24 Information published. 5.1 19-Aug-24 Information published. 5.2 20-Aug-24 Information published. 5.3 21-Aug-24 Information published. 5.4 22-Aug-24 Information published. 5.5 23-Aug-24 Information published. 5.6 24-Aug-24 Information published. 5.7 25-Aug-24 Information published. 5.8 26-Aug-24 Information published. 5.9 27-Aug-24 Information published. 6.0 28-Aug-24 Information published. 6.1 29-Aug-24 Information published. 6.2 30-Aug-24 Information published. 6.3 31-Aug-24 Information published. 6.4 01-Sep-24 Information published. 6.5 02-Sep-24 Information published. 6.6 03-Sep-24 Information published. 6.7 05-Sep-24 Information published. 6.8 06-Sep-24 Information published. 6.9 07-Sep-24 Information published. 7.0 08-Sep-24 Information published. 7.1 11-Sep-24 Information published. 7.2 12-Sep-24 Information published. 7.3 13-Sep-24 Information published. 7.4 14-Sep-24 Information published. 7.5 15-Sep-24 Information published. 7.6 16-Sep-24 Information published. 7.7 17-Sep-24 Information published. 7.8 18-Sep-24 Information published. 7.9 19-Sep-24 Information published. 8.0 20-Sep-24 Information published. 8.1 21-Sep-24 Information published. 8.2 22-Sep-24 Information published. 8.3 23-Sep-24 Information published. 8.4 24-Sep-24 Information published. 8.5 25-Sep-24 Information published. 8.6 26-Sep-24 Information published. 8.7 27-Sep-24 Information published. 8.8 28-Sep-24 Information published. 8.9 29-Sep-24 Information published. 9.0 30-Sep-24 Information published. 9.1 01-Oct-24 Information published. 9.2 02-Oct-24 Information published. 9.3 03-Oct-24 Information published. 9.4 04-Oct-24 Information published. 9.5 05-Oct-24 Information published. 9.6 06-Oct-24 Information published. 9.7 07-Oct-24 Information published. 9.8 08-Oct-24 Information published. 9.9 09-Oct-24 Information published. 10.0 10-Oct-24 Information published. 10.1 11-Oct-24 Information published. 10.2 12-Oct-24 Information published. 10.3 13-Oct-24 Information published. 10.4 14-Oct-24 Information published. 10.5 15-Oct-24 Added openwsman to CBL-Mariner 2.0 10.6 16-Oct-24 Added openwsman to CBL-Mariner 2.0 10.7 17-Oct-24 Added openwsman to CBL-Mariner 2.0 10.8 18-Oct-24 Added openwsman to CBL-Mariner 2.0 10.9 19-Oct-24 Added openwsman to CBL-Mariner 2.0 11.0 20-Oct-24 Added openwsman to CBL-Mariner 2.0 11.1 21-Oct-24 Added openwsman to CBL-Mariner 2.0 11.2 22-Oct-24 Added openwsman to CBL-Mariner 2.0 11.3 23-Oct-24 Added openwsman to CBL-Mariner 2.0 11.4 24-Oct-24 Added openwsman to CBL-Mariner 2.0 11.5 25-Oct-24 Added openwsman to CBL-Mariner 2.0 11.6 26-Oct-24 Added openwsman to CBL-Mariner 2.0 11.7 27-Oct-24 Added openwsman to CBL-Mariner 2.0 11.8 28-Oct-24 Added openwsman to CBL-Mariner 2.0 11.9 29-Oct-24 Added openwsman to CBL-Mariner 2.0 12.0 30-Oct-24 Added openwsman to CBL-Mariner 2.0 12.1 31-Oct-24 Added openwsman to CBL-Mariner 2.0 12.2 01-Nov-24 Added openwsman to CBL-Mariner 2.0 12.3 02-Nov-24 Added openwsman to CBL-Mariner 2.0 12.4 04-Nov-24 Added openwsman to CBL-Mariner 2.0 12.5 05-Nov-24 Added openwsman to CBL-Mariner 2.0 12.6 06-Nov-24 Added openwsman to CBL-Mariner 2.0 12.7 07-Nov-24 Added openwsman to CBL-Mariner 2.0 12.8 08-Nov-24 Added openwsman to CBL-Mariner 2.0 12.9 09-Nov-24 Added openwsman to CBL-Mariner 2.0 13.0 10-Nov-24 Added openwsman to CBL-Mariner 2.0 13.1 11-Nov-24 Added openwsman to CBL-Mariner 2.0 13.2 12-Nov-24 Added openwsman to CBL-Mariner 2.0 13.3 13-Nov-24 Added openwsman to CBL-Mariner 2.0 13.4 14-Nov-24 Added openwsman to CBL-Mariner 2.0 13.5 15-Nov-24 Added openwsman to CBL-Mariner 2.0 13.6 16-Nov-24 Added openwsman to CBL-Mariner 2.0 13.7 17-Nov-24 Added openwsman to CBL-Mariner 2.0 13.8 18-Nov-24 Added openwsman to CBL-Mariner 2.0 13.9 19-Nov-24 Added openwsman to CBL-Mariner 2.0 14.0 20-Nov-24 Added openwsman to CBL-Mariner 2.0 14.1 21-Nov-24 Added openwsman to CBL-Mariner 2.0 14.2 23-Nov-24 Added openwsman to CBL-Mariner 2.0 14.3 24-Nov-24 Added openwsman to CBL-Mariner 2.0 14.4 25-Nov-24 Added openwsman to CBL-Mariner 2.0 14.5 26-Nov-24 Added openwsman to CBL-Mariner 2.0 14.6 27-Nov-24 Added openwsman to CBL-Mariner 2.0 14.7 28-Nov-24 Added openwsman to CBL-Mariner 2.0 14.8 29-Nov-24 Added openwsman to CBL-Mariner 2.0 14.9 30-Nov-24 Added openwsman to CBL-Mariner 2.0 15.0 01-Dec-24 Added openwsman to CBL-Mariner 2.0 15.1 02-Dec-24 Added openwsman to CBL-Mariner 2.0 15.2 03-Dec-24 Added openwsman to CBL-Mariner 2.0 15.3 04-Dec-24 Added openwsman to CBL-Mariner 2.0 15.4 05-Dec-24 Added openwsman to CBL-Mariner 2.0 15.5 07-Dec-24 Added openwsman to CBL-Mariner 2.0 15.6 08-Dec-24 Added openwsman to CBL-Mariner 2.0 15.7 09-Dec-24 Added openwsman to CBL-Mariner 2.0 15.8 10-Dec-24 Added openwsman to CBL-Mariner 2.0 15.9 11-Dec-24 Added openwsman to CBL-Mariner 2.0 16.0 12-Dec-24 Added openwsman to CBL-Mariner 2.0 16.1 13-Dec-24 Added openwsman to CBL-Mariner 2.0 16.2 14-Dec-24 Added openwsman to CBL-Mariner 2.0 16.3 15-Dec-24 Added openwsman to CBL-Mariner 2.0 16.4 16-Dec-24 Added openwsman to CBL-Mariner 2.0 16.5 17-Dec-24 Added openwsman to CBL-Mariner 2.0 16.6 18-Dec-24 Added openwsman to CBL-Mariner 2.0 16.7 19-Dec-24 Added openwsman to CBL-Mariner 2.0 16.8 20-Dec-24 Added openwsman to CBL-Mariner 2.0 16.9 21-Dec-24 Added openwsman to CBL-Mariner 2.0 17.0 22-Dec-24 Added openwsman to CBL-Mariner 2.0 17.1 23-Dec-24 Added openwsman to CBL-Mariner 2.0 17.2 24-Dec-24 Added openwsman to CBL-Mariner 2.0 17.3 25-Dec-24 Added openwsman to CBL-Mariner 2.0 17.4 26-Dec-24 Added openwsman to CBL-Mariner 2.0 17.5 27-Dec-24 Added openwsman to CBL-Mariner 2.0 17.6 28-Dec-24 Added openwsman to CBL-Mariner 2.0 17.7 29-Dec-24 Added openwsman to CBL-Mariner 2.0 17.8 30-Dec-24 Added openwsman to CBL-Mariner 2.0 17.9 31-Dec-24 Added openwsman to CBL-Mariner 2.0 18.0 01-Jan-25 Added openwsman to CBL-Mariner 2.0 18.1 02-Jan-25 Added openwsman to CBL-Mariner 2.0 18.2 03-Jan-25 Added openwsman to CBL-Mariner 2.0 18.3 04-Jan-25 Added openwsman to CBL-Mariner 2.0 18.4 05-Jan-25 Added openwsman to CBL-Mariner 2.0 18.5 06-Jan-25 Added openwsman to CBL-Mariner 2.0 18.6 07-Jan-25 Added openwsman to CBL-Mariner 2.0 18.7 08-Jan-25 Added openwsman to CBL-Mariner 2.0 18.8 09-Jan-25 Added openwsman to CBL-Mariner 2.0 18.9 10-Jan-25 Added openwsman to CBL-Mariner 2.0 19.0 11-Jan-25 Added openwsman to CBL-Mariner 2.0 19.1 12-Jan-25 Added openwsman to CBL-Mariner 2.0 19.2 13-Jan-25 Added openwsman to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2019-3816 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | openwsman (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.6.8-13 | Unknown | None |
CBL Mariner 2.0 x64 | openwsman (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.6.8-13 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2019-3816 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-53580
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 0.1 08-Jan-25 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-53580 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 2.0 ARM | iperf3 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.18-1 | Unknown | None |
CBL Mariner 2.0 x64 | iperf3 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.18-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-53580 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-9355
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. 1.1 09-Jan-25 Added msft-golang to CBL-Mariner 2.0 Added golang to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-9355 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | golang (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L |
1.23.3-2 | Unknown | None |
Azure Linux 3.0 x64 | golang (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L |
1.23.3-2 | Unknown | None |
CBL Mariner 2.0 ARM | msft-golang (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L |
1.22.10-1 | Unknown | None |
CBL Mariner 2.0 x64 | msft-golang (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L |
1.22.10-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-9355 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-46757
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 1.1 16-Oct-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 1.2 10-Jan-25 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-46757 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.51.1-5 | Unknown | None |
Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.51.1-5 | Unknown | None |
CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.167.1-1 | Unknown | None |
CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.167.1-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-46757 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-35795
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.1 11-Jan-25 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-35795 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-35795 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2019-14584
MITRE NVD Issuing CNA: secure@intel.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-Dec-24 Information published. 1.1 08-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 1.2 09-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 1.3 10-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 1.4 11-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 1.5 12-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 1.6 13-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 1.7 14-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 1.8 15-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 1.9 16-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.0 17-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.1 18-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.2 19-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.3 20-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.4 21-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.5 22-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.6 23-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.7 24-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.8 25-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 2.9 26-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.0 27-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.1 28-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.2 29-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.3 30-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.4 31-Dec-24 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.5 01-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.6 02-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.7 03-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.8 04-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 3.9 05-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 4.0 06-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 4.1 07-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 4.2 08-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 4.3 09-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 4.4 10-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 4.5 11-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 4.6 12-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 4.7 13-Jan-25 Added shim-unsigned-aarch64 to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2019-14584 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | shim-unsigned-aarch64 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
15.8-3 | Unknown | None |
Azure Linux 3.0 x64 | shim-unsigned-aarch64 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
15.8-3 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2019-14584 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2017-17522
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-20 Information published. 1.6 30-Jun-24 Information published. 1.7 08-Jul-24 Information published. 1.8 09-Jul-24 Information published. 1.9 10-Jul-24 Information published. 2.0 12-Jul-24 Information published. 2.1 13-Jul-24 Information published. 2.2 14-Jul-24 Information published. 2.3 15-Jul-24 Information published. 2.4 16-Jul-24 Information published. 2.5 17-Jul-24 Information published. 2.6 19-Jul-24 Information published. 2.7 20-Jul-24 Information published. 2.8 21-Jul-24 Information published. 2.9 22-Jul-24 Information published. 3.0 23-Jul-24 Information published. 3.1 24-Jul-24 Information published. 3.2 25-Jul-24 Information published. 3.3 26-Jul-24 Information published. 3.4 27-Jul-24 Information published. 3.5 28-Jul-24 Information published. 3.6 29-Jul-24 Information published. 3.7 02-Aug-24 Information published. 3.8 03-Aug-24 Information published. 3.9 04-Aug-24 Information published. 4.0 05-Aug-24 Information published. 4.1 06-Aug-24 Information published. 4.2 07-Aug-24 Information published. 4.3 08-Aug-24 Information published. 4.4 09-Aug-24 Information published. 4.5 10-Aug-24 Information published. 4.6 11-Aug-24 Information published. 4.7 12-Aug-24 Information published. 4.8 15-Aug-24 Information published. 4.9 16-Aug-24 Information published. 5.0 17-Aug-24 Information published. 5.1 18-Aug-24 Information published. 5.2 19-Aug-24 Information published. 5.3 20-Aug-24 Information published. 5.4 21-Aug-24 Information published. 5.5 22-Aug-24 Information published. 5.6 23-Aug-24 Information published. 5.7 24-Aug-24 Information published. 5.8 25-Aug-24 Information published. 5.9 26-Aug-24 Information published. 6.0 27-Aug-24 Information published. 6.1 28-Aug-24 Information published. 6.2 29-Aug-24 Information published. 6.3 30-Aug-24 Information published. 6.4 31-Aug-24 Information published. 6.5 01-Sep-24 Information published. 6.6 02-Sep-24 Information published. 6.7 03-Sep-24 Information published. 6.8 05-Sep-24 Information published. 6.9 06-Sep-24 Information published. 7.0 07-Sep-24 Information published. 7.1 08-Sep-24 Information published. 7.2 11-Sep-24 Information published. 7.3 12-Sep-24 Information published. 7.4 13-Sep-24 Information published. 7.5 14-Sep-24 Information published. 7.6 15-Sep-24 Information published. 7.7 16-Sep-24 Information published. 7.8 17-Sep-24 Information published. 7.9 18-Sep-24 Information published. 8.0 19-Sep-24 Information published. 8.1 20-Sep-24 Information published. 8.2 21-Sep-24 Information published. 8.3 22-Sep-24 Information published. 8.4 23-Sep-24 Information published. 8.5 24-Sep-24 Information published. 8.6 25-Sep-24 Information published. 8.7 26-Sep-24 Information published. 8.8 27-Sep-24 Information published. 8.9 28-Sep-24 Information published. 9.0 29-Sep-24 Information published. 9.1 30-Sep-24 Information published. 9.2 01-Oct-24 Information published. 9.3 02-Oct-24 Information published. 9.4 03-Oct-24 Information published. 9.5 04-Oct-24 Information published. 9.6 05-Oct-24 Information published. 9.7 06-Oct-24 Information published. 9.8 07-Oct-24 Information published. 9.9 08-Oct-24 Information published. 10.0 09-Oct-24 Information published. 10.1 10-Oct-24 Information published. 10.2 11-Oct-24 Information published. 10.3 12-Oct-24 Information published. 10.4 13-Oct-24 Information published. 10.5 14-Oct-24 Information published. 10.6 15-Oct-24 Added python2 to CBL-Mariner 1.0 10.7 16-Oct-24 Added python2 to CBL-Mariner 1.0 10.8 17-Oct-24 Added python2 to CBL-Mariner 1.0 10.9 18-Oct-24 Added python2 to CBL-Mariner 1.0 11.0 19-Oct-24 Added python2 to CBL-Mariner 1.0 11.1 20-Oct-24 Added python2 to CBL-Mariner 1.0 11.2 21-Oct-24 Added python2 to CBL-Mariner 1.0 11.3 22-Oct-24 Added python2 to CBL-Mariner 1.0 11.4 23-Oct-24 Added python2 to CBL-Mariner 1.0 11.5 24-Oct-24 Added python2 to CBL-Mariner 1.0 11.6 25-Oct-24 Added python2 to CBL-Mariner 1.0 11.7 26-Oct-24 Added python2 to CBL-Mariner 1.0 11.8 27-Oct-24 Added python2 to CBL-Mariner 1.0 11.9 28-Oct-24 Added python2 to CBL-Mariner 1.0 12.0 29-Oct-24 Added python2 to CBL-Mariner 1.0 12.1 30-Oct-24 Added python2 to CBL-Mariner 1.0 12.2 31-Oct-24 Added python2 to CBL-Mariner 1.0 12.3 01-Nov-24 Added python2 to CBL-Mariner 1.0 12.4 02-Nov-24 Added python2 to CBL-Mariner 1.0 12.5 04-Nov-24 Added python2 to CBL-Mariner 1.0 12.6 05-Nov-24 Added python2 to CBL-Mariner 1.0 12.7 06-Nov-24 Added python2 to CBL-Mariner 1.0 12.8 07-Nov-24 Added python2 to CBL-Mariner 1.0 12.9 08-Nov-24 Added python2 to CBL-Mariner 1.0 13.0 09-Nov-24 Added python2 to CBL-Mariner 1.0 13.1 10-Nov-24 Added python2 to CBL-Mariner 1.0 13.2 11-Nov-24 Added python2 to CBL-Mariner 1.0 13.3 12-Nov-24 Added python2 to CBL-Mariner 1.0 13.4 13-Nov-24 Added python2 to CBL-Mariner 1.0 13.5 14-Nov-24 Added python2 to CBL-Mariner 1.0 13.6 15-Nov-24 Added python2 to CBL-Mariner 1.0 13.7 16-Nov-24 Added python2 to CBL-Mariner 1.0 13.8 17-Nov-24 Added python2 to CBL-Mariner 1.0 13.9 18-Nov-24 Added python2 to CBL-Mariner 1.0 14.0 19-Nov-24 Added python2 to CBL-Mariner 1.0 14.1 20-Nov-24 Added python2 to CBL-Mariner 1.0 14.2 21-Nov-24 Added python2 to CBL-Mariner 1.0 14.3 23-Nov-24 Added python2 to CBL-Mariner 1.0 14.4 24-Nov-24 Added python2 to CBL-Mariner 1.0 14.5 25-Nov-24 Added python2 to CBL-Mariner 1.0 14.6 26-Nov-24 Added python2 to CBL-Mariner 1.0 14.7 27-Nov-24 Added python2 to CBL-Mariner 1.0 14.8 28-Nov-24 Added python2 to CBL-Mariner 1.0 14.9 29-Nov-24 Added python2 to CBL-Mariner 1.0 15.0 30-Nov-24 Added python2 to CBL-Mariner 1.0 15.1 01-Dec-24 Added python2 to CBL-Mariner 1.0 15.2 02-Dec-24 Added python2 to CBL-Mariner 1.0 15.3 03-Dec-24 Added python2 to CBL-Mariner 1.0 15.4 04-Dec-24 Added python2 to CBL-Mariner 1.0 15.5 05-Dec-24 Added python2 to CBL-Mariner 1.0 15.6 07-Dec-24 Added python2 to CBL-Mariner 1.0 15.7 08-Dec-24 Added python2 to CBL-Mariner 1.0 15.8 09-Dec-24 Added python2 to CBL-Mariner 1.0 15.9 10-Dec-24 Added python2 to CBL-Mariner 1.0 16.0 11-Dec-24 Added python2 to CBL-Mariner 1.0 16.1 12-Dec-24 Added python2 to CBL-Mariner 1.0 16.2 13-Dec-24 Added python2 to CBL-Mariner 1.0 16.3 14-Dec-24 Added python2 to CBL-Mariner 1.0 16.4 15-Dec-24 Added python2 to CBL-Mariner 1.0 16.5 16-Dec-24 Added python2 to CBL-Mariner 1.0 16.6 17-Dec-24 Added python2 to CBL-Mariner 1.0 16.7 18-Dec-24 Added python2 to CBL-Mariner 1.0 16.8 19-Dec-24 Added python2 to CBL-Mariner 1.0 16.9 20-Dec-24 Added python2 to CBL-Mariner 1.0 17.0 21-Dec-24 Added python2 to CBL-Mariner 1.0 17.1 22-Dec-24 Added python2 to CBL-Mariner 1.0 17.2 23-Dec-24 Added python2 to CBL-Mariner 1.0 17.3 24-Dec-24 Added python2 to CBL-Mariner 1.0 17.4 25-Dec-24 Added python2 to CBL-Mariner 1.0 17.5 26-Dec-24 Added python2 to CBL-Mariner 1.0 17.6 27-Dec-24 Added python2 to CBL-Mariner 1.0 17.7 28-Dec-24 Added python2 to CBL-Mariner 1.0 17.8 29-Dec-24 Added python2 to CBL-Mariner 1.0 17.9 30-Dec-24 Added python2 to CBL-Mariner 1.0 18.0 31-Dec-24 Added python2 to CBL-Mariner 1.0 18.1 01-Jan-25 Added python2 to CBL-Mariner 1.0 18.2 02-Jan-25 Added python2 to CBL-Mariner 1.0 18.3 03-Jan-25 Added python2 to CBL-Mariner 1.0 18.4 04-Jan-25 Added python2 to CBL-Mariner 1.0 18.5 05-Jan-25 Added python2 to CBL-Mariner 1.0 18.6 06-Jan-25 Added python2 to CBL-Mariner 1.0 18.7 07-Jan-25 Added python2 to CBL-Mariner 1.0 18.8 08-Jan-25 Added python2 to CBL-Mariner 1.0 18.9 09-Jan-25 Added python2 to CBL-Mariner 1.0 19.0 10-Jan-25 Added python2 to CBL-Mariner 1.0 19.1 11-Jan-25 Added python2 to CBL-Mariner 1.0 19.2 12-Jan-25 Added python2 to CBL-Mariner 1.0 19.3 13-Jan-25 Added python2 to CBL-Mariner 1.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2017-17522 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.7.18-3 | Unknown | None |
CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.7.18-3 | Unknown | None |
CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Unknown | Unknown | None | |
CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 8.8 Temporal: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2017-17522 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2023-40550
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.1 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.2 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.3 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.4 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.5 11-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.6 12-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.7 13-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.8 14-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.9 15-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.0 16-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.1 17-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.2 18-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.3 19-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.4 20-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.5 21-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.6 22-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.7 23-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.8 24-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.9 25-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.0 26-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.1 27-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.2 28-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.3 29-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.4 30-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.5 31-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.6 01-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.7 02-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.8 03-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.9 04-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.0 05-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.1 06-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.2 07-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.3 08-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.4 09-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.5 10-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.6 11-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.7 12-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.8 13-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-40550 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
15.8-3 | None | ||
Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
15.8-3 | None | ||
CBL Mariner 2.0 ARM | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
15.8-1 | None | ||
CBL Mariner 2.0 x64 | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
15.8-1 | None |
CVE ID | Acknowledgements |
CVE-2023-40550 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-3727
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:8.3/TemporalScore:8.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.1 30-Jun-24 Information published. 1.2 10-Jul-24 Information published. 1.3 16-Aug-24 Information published. 1.4 29-Aug-24 Information published. 1.5 30-Aug-24 Information published. 1.6 31-Aug-24 Information published. 1.7 01-Sep-24 Information published. 1.8 02-Sep-24 Information published. 1.9 03-Sep-24 Information published. 2.0 05-Sep-24 Information published. 2.1 06-Sep-24 Information published. 2.2 07-Sep-24 Information published. 2.3 08-Sep-24 Information published. 2.4 11-Sep-24 Information published. 2.5 19-Sep-24 Information published. 2.6 03-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 2.7 04-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 2.8 05-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 2.9 07-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.0 08-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.1 09-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.2 10-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.3 11-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.4 12-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.5 13-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.6 14-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.7 15-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.8 16-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 3.9 17-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.0 18-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.1 19-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.2 20-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.3 21-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.4 22-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.5 23-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.6 24-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.7 25-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.8 26-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 4.9 27-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.0 28-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.1 29-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.2 30-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.3 31-Dec-24 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.4 01-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.5 02-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.6 03-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.7 04-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.8 05-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 5.9 06-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 6.0 07-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 6.1 08-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 6.2 09-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 6.3 10-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 6.4 11-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 6.5 12-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 6.6 13-Jan-25 Added skopeo to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added libcontainers-common to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added ig to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-3727 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | libcontainers-common (CBL-Mariner) containerized-data-importer (CBL-Mariner) ig (CBL-Mariner) skopeo (CBL-Mariner) |
Unknown | Unknown | Base: 8.3 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
20240213-2 1.57.0-2 0.29.0-1 1.14.4-1 |
None | ||
Azure Linux 3.0 x64 | containerized-data-importer (CBL-Mariner) ig (CBL-Mariner) libcontainers-common (CBL-Mariner) skopeo (CBL-Mariner) |
Unknown | Unknown | Base: 8.3 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
1.57.0-2 0.29.0-1 20240213-2 1.14.4-1 |
None | ||
CBL Mariner 2.0 ARM | libcontainers-common (CBL-Mariner) containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) skopeo (CBL-Mariner) |
Unknown | Unknown | Base: 8.3 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
20210626-7 1.55.0-19 1.22.3-4 1.14.2-4 |
None | ||
CBL Mariner 2.0 x64 | containerized-data-importer (CBL-Mariner) cri-o (CBL-Mariner) libcontainers-common (CBL-Mariner) skopeo (CBL-Mariner) |
Unknown | Unknown | Base: 8.3 Temporal: 8.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
1.55.0-19 1.22.3-4 20210626-7 1.14.2-4 |
None |
CVE ID | Acknowledgements |
CVE-2024-3727 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-6104
MITRE NVD Issuing CNA: security@hashicorp.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 05-Aug-24 Information published. 1.1 15-Aug-24 Information published. 1.2 16-Aug-24 Information published. 1.3 17-Aug-24 Information published. 1.4 18-Aug-24 Information published. 1.5 19-Aug-24 Information published. 1.6 20-Aug-24 Information published. 1.7 21-Aug-24 Information published. 1.8 22-Aug-24 Information published. 1.9 23-Aug-24 Information published. 2.0 24-Aug-24 Information published. 2.1 25-Aug-24 Information published. 2.2 26-Aug-24 Information published. 2.3 27-Aug-24 Information published. 2.4 28-Aug-24 Information published. 2.5 29-Aug-24 Information published. 2.6 30-Aug-24 Information published. 2.7 31-Aug-24 Information published. 2.8 01-Sep-24 Information published. 2.9 02-Sep-24 Information published. 3.0 03-Sep-24 Information published. 3.1 05-Sep-24 Information published. 3.2 06-Sep-24 Information published. 3.3 07-Sep-24 Information published. 3.4 08-Sep-24 Information published. 3.5 11-Sep-24 Information published. 3.6 13-Sep-24 Information published. 3.7 14-Sep-24 Information published. 3.8 15-Sep-24 Information published. 3.9 16-Sep-24 Information published. 4.0 17-Sep-24 Information published. 4.1 18-Sep-24 Information published. 4.2 19-Sep-24 Information published. 4.3 20-Sep-24 Information published. 4.4 21-Sep-24 Information published. 4.5 22-Sep-24 Information published. 4.6 23-Sep-24 Information published. 4.7 24-Sep-24 Information published. 4.8 25-Sep-24 Information published. 4.9 26-Sep-24 Information published. 5.0 27-Sep-24 Information published. 5.1 28-Sep-24 Information published. 5.2 29-Sep-24 Information published. 5.3 30-Sep-24 Information published. 5.4 01-Oct-24 Information published. 5.5 02-Oct-24 Information published. 5.6 03-Oct-24 Information published. 5.7 04-Oct-24 Information published. 5.8 05-Oct-24 Information published. 5.9 06-Oct-24 Information published. 6.0 07-Oct-24 Information published. 6.1 08-Oct-24 Information published. 6.2 09-Oct-24 Information published. 6.3 11-Oct-24 Information published. 6.4 12-Oct-24 Information published. 6.5 13-Oct-24 Information published. 6.6 14-Oct-24 Information published. 6.7 15-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 6.8 16-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 6.9 17-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.0 18-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.1 19-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.2 20-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.3 21-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.4 22-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.5 23-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.6 24-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.7 25-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.8 26-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 7.9 27-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.0 28-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.1 29-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.2 30-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.3 31-Oct-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.4 01-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.5 02-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.6 04-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.7 05-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.8 06-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 8.9 07-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.0 08-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.1 09-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.2 10-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.3 11-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.4 12-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.5 13-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.6 14-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.7 15-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.8 16-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 9.9 17-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.0 18-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.1 19-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.2 20-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.3 21-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.4 23-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.5 24-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.6 25-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.7 26-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.8 27-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 10.9 28-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.0 29-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.1 30-Nov-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.2 01-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.3 02-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.4 03-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.5 04-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.6 05-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.7 07-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.8 08-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 11.9 09-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.0 10-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.1 11-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.2 12-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.3 13-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.4 14-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.5 15-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.6 16-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.7 17-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.8 18-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 12.9 19-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.0 20-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.1 21-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.2 22-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.3 23-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.4 24-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.5 25-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.6 26-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.7 27-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.8 28-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 13.9 29-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.0 30-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.1 31-Dec-24 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.2 01-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.3 02-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.4 03-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.5 04-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.6 05-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.7 06-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.8 07-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 14.9 08-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 15.0 09-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 15.1 10-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 15.2 11-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 15.3 12-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 15.4 13-Jan-25 Added cert-manager to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-6104 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | libcontainers-common (CBL-Mariner) cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
20240213-2 1.12.12-3 2.7.3-5 2.14.0-2 |
None | ||
Azure Linux 3.0 x64 | cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) libcontainers-common (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.12.12-3 2.7.3-5 2.14.0-2 20240213-2 |
None | ||
CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.11.2-12 2.6.1-15 2.4.0-22 1.9.5-2 |
None | ||
CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) influxdb (CBL-Mariner) keda (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.11.2-12 2.6.1-15 2.4.0-22 1.9.5-2 |
None |
CVE ID | Acknowledgements |
CVE-2024-6104 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2023-45288
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 08-Apr-24 Information published. 1.1 20-Apr-24 Information published. 1.2 30-Jun-24 Information published. 1.3 02-Jul-24 Information published. 1.4 12-Jul-24 Information published. 1.5 07-Aug-24 Information published. 1.6 08-Aug-24 Information published. 1.7 09-Aug-24 Information published. 1.8 10-Aug-24 Information published. 1.9 11-Aug-24 Information published. 2.0 12-Aug-24 Information published. 2.1 15-Aug-24 Information published. 2.2 16-Aug-24 Information published. 2.3 17-Aug-24 Information published. 2.4 18-Aug-24 Information published. 2.5 19-Aug-24 Information published. 2.6 20-Aug-24 Information published. 2.7 21-Aug-24 Information published. 2.8 22-Aug-24 Information published. 2.9 23-Aug-24 Information published. 3.0 24-Aug-24 Information published. 3.1 25-Aug-24 Information published. 3.2 26-Aug-24 Information published. 3.3 11-Sep-24 Information published. 3.4 13-Sep-24 Information published. 3.5 14-Sep-24 Information published. 3.6 15-Sep-24 Information published. 3.7 16-Sep-24 Information published. 3.8 17-Sep-24 Information published. 3.9 18-Sep-24 Information published. 4.0 19-Sep-24 Information published. 4.1 20-Sep-24 Information published. 4.2 21-Sep-24 Information published. 4.3 22-Sep-24 Information published. 4.4 23-Sep-24 Information published. 4.5 24-Sep-24 Information published. 4.6 25-Sep-24 Information published. 4.7 26-Sep-24 Information published. 4.8 27-Sep-24 Information published. 4.9 28-Sep-24 Information published. 5.0 29-Sep-24 Information published. 5.1 30-Sep-24 Information published. 5.2 01-Oct-24 Information published. 5.3 02-Oct-24 Information published. 5.4 03-Oct-24 Information published. 5.5 04-Oct-24 Information published. 5.6 05-Oct-24 Information published. 5.7 06-Oct-24 Information published. 5.8 07-Oct-24 Information published. 5.9 09-Oct-24 Information published. 6.0 10-Oct-24 Information published. 6.1 11-Oct-24 Information published. 6.2 12-Oct-24 Information published. 6.3 13-Oct-24 Information published. 6.4 14-Oct-24 Information published. 6.5 15-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 6.6 16-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 6.7 17-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 6.8 18-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 6.9 19-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.0 20-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.1 21-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.2 22-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.3 23-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.4 24-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.5 25-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.6 26-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.7 27-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.8 28-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 7.9 29-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.0 30-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.1 31-Oct-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.2 01-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.3 02-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.4 04-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.5 05-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.6 06-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.7 07-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.8 08-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 8.9 09-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.0 10-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.1 11-Nov-24 Added nmi to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.2 12-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.3 13-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.4 14-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.5 15-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.6 16-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.7 17-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.8 18-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 9.9 19-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.0 20-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.1 21-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.2 23-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.3 24-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.4 25-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.5 26-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.6 27-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.7 28-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.8 29-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 10.9 30-Nov-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.0 01-Dec-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.1 02-Dec-24 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.2 03-Dec-24 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added nmi to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.3 04-Dec-24 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added nmi to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.4 05-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.5 07-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.6 08-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.7 09-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.8 10-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 11.9 11-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.0 12-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.1 13-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.2 14-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.3 15-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.4 16-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.5 17-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.6 18-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.7 19-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.8 20-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 12.9 21-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.0 22-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.1 23-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.2 24-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.3 25-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.4 26-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.5 27-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.6 28-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.7 29-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.8 30-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 13.9 31-Dec-24 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.0 01-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.1 02-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.2 03-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.3 04-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.4 05-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.5 06-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.6 07-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.7 08-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.8 09-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 14.9 10-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 15.0 11-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 15.1 12-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 15.2 13-Jan-25 Added nmi to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-engine to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added git-lfs to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kured to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added jx to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-45288 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.25.1-1 2.3.0-1 1.12.12-1 1.11.1-2 |
None | ||
Azure Linux 3.0 x64 | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.25.1-1 2.3.0-1 1.12.12-1 1.11.1-2 |
None | ||
CBL Mariner 2.0 ARM | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.25.1-1 2.1.2-3 1.11.2-9 1.11.1-8 |
None | ||
CBL Mariner 2.0 x64 | azcopy (CBL-Mariner) blobfuse2 (CBL-Mariner) cert-manager (CBL-Mariner) coredns (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
10.25.1-1 2.1.2-3 1.11.2-9 1.11.1-8 |
None |
CVE ID | Acknowledgements |
CVE-2023-45288 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2017-18207
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-20 Information published. 1.6 30-Jun-24 Information published. 1.7 08-Jul-24 Information published. 1.8 09-Jul-24 Information published. 1.9 10-Jul-24 Information published. 2.0 12-Jul-24 Information published. 2.1 13-Jul-24 Information published. 2.2 14-Jul-24 Information published. 2.3 15-Jul-24 Information published. 2.4 16-Jul-24 Information published. 2.5 17-Jul-24 Information published. 2.6 19-Jul-24 Information published. 2.7 20-Jul-24 Information published. 2.8 21-Jul-24 Information published. 2.9 22-Jul-24 Information published. 3.0 23-Jul-24 Information published. 3.1 24-Jul-24 Information published. 3.2 25-Jul-24 Information published. 3.3 26-Jul-24 Information published. 3.4 27-Jul-24 Information published. 3.5 28-Jul-24 Information published. 3.6 29-Jul-24 Information published. 3.7 02-Aug-24 Information published. 3.8 03-Aug-24 Information published. 3.9 04-Aug-24 Information published. 4.0 05-Aug-24 Information published. 4.1 06-Aug-24 Information published. 4.2 07-Aug-24 Information published. 4.3 08-Aug-24 Information published. 4.4 09-Aug-24 Information published. 4.5 10-Aug-24 Information published. 4.6 11-Aug-24 Information published. 4.7 12-Aug-24 Information published. 4.8 15-Aug-24 Information published. 4.9 16-Aug-24 Information published. 5.0 17-Aug-24 Information published. 5.1 18-Aug-24 Information published. 5.2 19-Aug-24 Information published. 5.3 20-Aug-24 Information published. 5.4 21-Aug-24 Information published. 5.5 22-Aug-24 Information published. 5.6 23-Aug-24 Information published. 5.7 24-Aug-24 Information published. 5.8 25-Aug-24 Information published. 5.9 26-Aug-24 Information published. 6.0 27-Aug-24 Information published. 6.1 28-Aug-24 Information published. 6.2 29-Aug-24 Information published. 6.3 30-Aug-24 Information published. 6.4 31-Aug-24 Information published. 6.5 01-Sep-24 Information published. 6.6 02-Sep-24 Information published. 6.7 03-Sep-24 Information published. 6.8 05-Sep-24 Information published. 6.9 06-Sep-24 Information published. 7.0 07-Sep-24 Information published. 7.1 08-Sep-24 Information published. 7.2 11-Sep-24 Information published. 7.3 12-Sep-24 Information published. 7.4 13-Sep-24 Information published. 7.5 14-Sep-24 Information published. 7.6 15-Sep-24 Information published. 7.7 16-Sep-24 Information published. 7.8 17-Sep-24 Information published. 7.9 18-Sep-24 Information published. 8.0 19-Sep-24 Information published. 8.1 20-Sep-24 Information published. 8.2 21-Sep-24 Information published. 8.3 22-Sep-24 Information published. 8.4 23-Sep-24 Information published. 8.5 24-Sep-24 Information published. 8.6 25-Sep-24 Information published. 8.7 26-Sep-24 Information published. 8.8 27-Sep-24 Information published. 8.9 28-Sep-24 Information published. 9.0 29-Sep-24 Information published. 9.1 30-Sep-24 Information published. 9.2 01-Oct-24 Information published. 9.3 02-Oct-24 Information published. 9.4 03-Oct-24 Information published. 9.5 04-Oct-24 Information published. 9.6 05-Oct-24 Information published. 9.7 06-Oct-24 Information published. 9.8 07-Oct-24 Information published. 9.9 08-Oct-24 Information published. 10.0 09-Oct-24 Information published. 10.1 10-Oct-24 Information published. 10.2 11-Oct-24 Information published. 10.3 12-Oct-24 Information published. 10.4 13-Oct-24 Information published. 10.5 14-Oct-24 Information published. 10.6 15-Oct-24 Added python2 to CBL-Mariner 1.0 10.7 16-Oct-24 Added python2 to CBL-Mariner 1.0 10.8 17-Oct-24 Added python2 to CBL-Mariner 1.0 10.9 18-Oct-24 Added python2 to CBL-Mariner 1.0 11.0 19-Oct-24 Added python2 to CBL-Mariner 1.0 11.1 20-Oct-24 Added python2 to CBL-Mariner 1.0 11.2 21-Oct-24 Added python2 to CBL-Mariner 1.0 11.3 22-Oct-24 Added python2 to CBL-Mariner 1.0 11.4 23-Oct-24 Added python2 to CBL-Mariner 1.0 11.5 24-Oct-24 Added python2 to CBL-Mariner 1.0 11.6 25-Oct-24 Added python2 to CBL-Mariner 1.0 11.7 26-Oct-24 Added python2 to CBL-Mariner 1.0 11.8 27-Oct-24 Added python2 to CBL-Mariner 1.0 11.9 28-Oct-24 Added python2 to CBL-Mariner 1.0 12.0 29-Oct-24 Added python2 to CBL-Mariner 1.0 12.1 30-Oct-24 Added python2 to CBL-Mariner 1.0 12.2 31-Oct-24 Added python2 to CBL-Mariner 1.0 12.3 01-Nov-24 Added python2 to CBL-Mariner 1.0 12.4 02-Nov-24 Added python2 to CBL-Mariner 1.0 12.5 04-Nov-24 Added python2 to CBL-Mariner 1.0 12.6 05-Nov-24 Added python2 to CBL-Mariner 1.0 12.7 06-Nov-24 Added python2 to CBL-Mariner 1.0 12.8 07-Nov-24 Added python2 to CBL-Mariner 1.0 12.9 08-Nov-24 Added python2 to CBL-Mariner 1.0 13.0 09-Nov-24 Added python2 to CBL-Mariner 1.0 13.1 10-Nov-24 Added python2 to CBL-Mariner 1.0 13.2 11-Nov-24 Added python2 to CBL-Mariner 1.0 13.3 12-Nov-24 Added python2 to CBL-Mariner 1.0 13.4 13-Nov-24 Added python2 to CBL-Mariner 1.0 13.5 14-Nov-24 Added python2 to CBL-Mariner 1.0 13.6 15-Nov-24 Added python2 to CBL-Mariner 1.0 13.7 16-Nov-24 Added python2 to CBL-Mariner 1.0 13.8 17-Nov-24 Added python2 to CBL-Mariner 1.0 13.9 18-Nov-24 Added python2 to CBL-Mariner 1.0 14.0 19-Nov-24 Added python2 to CBL-Mariner 1.0 14.1 20-Nov-24 Added python2 to CBL-Mariner 1.0 14.2 21-Nov-24 Added python2 to CBL-Mariner 1.0 14.3 23-Nov-24 Added python2 to CBL-Mariner 1.0 14.4 24-Nov-24 Added python2 to CBL-Mariner 1.0 14.5 25-Nov-24 Added python2 to CBL-Mariner 1.0 14.6 26-Nov-24 Added python2 to CBL-Mariner 1.0 14.7 27-Nov-24 Added python2 to CBL-Mariner 1.0 14.8 28-Nov-24 Added python2 to CBL-Mariner 1.0 14.9 29-Nov-24 Added python2 to CBL-Mariner 1.0 15.0 30-Nov-24 Added python2 to CBL-Mariner 1.0 15.1 01-Dec-24 Added python2 to CBL-Mariner 1.0 15.2 02-Dec-24 Added python2 to CBL-Mariner 1.0 15.3 03-Dec-24 Added python2 to CBL-Mariner 1.0 15.4 04-Dec-24 Added python2 to CBL-Mariner 1.0 15.5 05-Dec-24 Added python2 to CBL-Mariner 1.0 15.6 07-Dec-24 Added python2 to CBL-Mariner 1.0 15.7 08-Dec-24 Added python2 to CBL-Mariner 1.0 15.8 09-Dec-24 Added python2 to CBL-Mariner 1.0 15.9 10-Dec-24 Added python2 to CBL-Mariner 1.0 16.0 11-Dec-24 Added python2 to CBL-Mariner 1.0 16.1 12-Dec-24 Added python2 to CBL-Mariner 1.0 16.2 13-Dec-24 Added python2 to CBL-Mariner 1.0 16.3 14-Dec-24 Added python2 to CBL-Mariner 1.0 16.4 15-Dec-24 Added python2 to CBL-Mariner 1.0 16.5 16-Dec-24 Added python2 to CBL-Mariner 1.0 16.6 17-Dec-24 Added python2 to CBL-Mariner 1.0 16.7 18-Dec-24 Added python2 to CBL-Mariner 1.0 16.8 19-Dec-24 Added python2 to CBL-Mariner 1.0 16.9 20-Dec-24 Added python2 to CBL-Mariner 1.0 17.0 21-Dec-24 Added python2 to CBL-Mariner 1.0 17.1 22-Dec-24 Added python2 to CBL-Mariner 1.0 17.2 23-Dec-24 Added python2 to CBL-Mariner 1.0 17.3 24-Dec-24 Added python2 to CBL-Mariner 1.0 17.4 25-Dec-24 Added python2 to CBL-Mariner 1.0 17.5 26-Dec-24 Added python2 to CBL-Mariner 1.0 17.6 27-Dec-24 Added python2 to CBL-Mariner 1.0 17.7 28-Dec-24 Added python2 to CBL-Mariner 1.0 17.8 29-Dec-24 Added python2 to CBL-Mariner 1.0 17.9 30-Dec-24 Added python2 to CBL-Mariner 1.0 18.0 31-Dec-24 Added python2 to CBL-Mariner 1.0 18.1 01-Jan-25 Added python2 to CBL-Mariner 1.0 18.2 02-Jan-25 Added python2 to CBL-Mariner 1.0 18.3 03-Jan-25 Added python2 to CBL-Mariner 1.0 18.4 04-Jan-25 Added python2 to CBL-Mariner 1.0 18.5 05-Jan-25 Added python2 to CBL-Mariner 1.0 18.6 06-Jan-25 Added python2 to CBL-Mariner 1.0 18.7 07-Jan-25 Added python2 to CBL-Mariner 1.0 18.8 08-Jan-25 Added python2 to CBL-Mariner 1.0 18.9 09-Jan-25 Added python2 to CBL-Mariner 1.0 19.0 10-Jan-25 Added python2 to CBL-Mariner 1.0 19.1 11-Jan-25 Added python2 to CBL-Mariner 1.0 19.2 12-Jan-25 Added python2 to CBL-Mariner 1.0 19.3 13-Jan-25 Added python2 to CBL-Mariner 1.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2017-18207 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.7.18-5 | Unknown | None |
CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.7.18-5 | Unknown | None |
CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 6.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2017-18207 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2007-4559
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 25-Sep-20 Information published. 1.1 16-Dec-21 Added python3 to CBL-Mariner 2.0 1.7 30-Jun-24 Information published. 1.8 08-Jul-24 Information published. 1.9 09-Jul-24 Information published. 2.0 10-Jul-24 Information published. 2.1 12-Jul-24 Information published. 2.2 13-Jul-24 Information published. 2.3 14-Jul-24 Information published. 2.4 15-Jul-24 Information published. 2.5 16-Jul-24 Information published. 2.6 17-Jul-24 Information published. 2.7 19-Jul-24 Information published. 2.8 20-Jul-24 Information published. 2.9 21-Jul-24 Information published. 3.0 22-Jul-24 Information published. 3.1 23-Jul-24 Information published. 3.2 24-Jul-24 Information published. 3.3 25-Jul-24 Information published. 3.4 26-Jul-24 Information published. 3.5 27-Jul-24 Information published. 3.6 28-Jul-24 Information published. 3.7 29-Jul-24 Information published. 3.8 02-Aug-24 Information published. 3.9 03-Aug-24 Information published. 4.0 04-Aug-24 Information published. 4.1 05-Aug-24 Information published. 4.2 06-Aug-24 Information published. 4.3 07-Aug-24 Information published. 4.4 08-Aug-24 Information published. 4.5 09-Aug-24 Information published. 4.6 10-Aug-24 Information published. 4.7 11-Aug-24 Information published. 4.8 12-Aug-24 Information published. 4.9 15-Aug-24 Information published. 5.0 16-Aug-24 Information published. 5.1 17-Aug-24 Information published. 5.2 18-Aug-24 Information published. 5.3 19-Aug-24 Information published. 5.4 20-Aug-24 Information published. 5.5 21-Aug-24 Information published. 5.6 22-Aug-24 Information published. 5.7 23-Aug-24 Information published. 5.8 24-Aug-24 Information published. 5.9 25-Aug-24 Information published. 6.0 26-Aug-24 Information published. 6.1 27-Aug-24 Information published. 6.2 28-Aug-24 Information published. 6.3 29-Aug-24 Information published. 6.4 30-Aug-24 Information published. 6.5 31-Aug-24 Information published. 6.6 01-Sep-24 Information published. 6.7 02-Sep-24 Information published. 6.8 03-Sep-24 Information published. 6.9 05-Sep-24 Information published. 7.0 06-Sep-24 Information published. 7.1 07-Sep-24 Information published. 7.2 08-Sep-24 Information published. 7.3 11-Sep-24 Information published. 7.4 12-Sep-24 Information published. 7.5 13-Sep-24 Information published. 7.6 14-Sep-24 Information published. 7.7 15-Sep-24 Information published. 7.8 16-Sep-24 Information published. 7.9 17-Sep-24 Information published. 8.0 18-Sep-24 Information published. 8.1 19-Sep-24 Information published. 8.2 20-Sep-24 Information published. 8.3 21-Sep-24 Information published. 8.4 22-Sep-24 Information published. 8.5 23-Sep-24 Information published. 8.6 24-Sep-24 Information published. 8.7 25-Sep-24 Information published. 8.8 26-Sep-24 Information published. 8.9 27-Sep-24 Information published. 9.0 28-Sep-24 Information published. 9.1 29-Sep-24 Information published. 9.2 30-Sep-24 Information published. 9.3 01-Oct-24 Information published. 9.4 02-Oct-24 Information published. 9.5 03-Oct-24 Information published. 9.6 04-Oct-24 Information published. 9.7 05-Oct-24 Information published. 9.8 06-Oct-24 Information published. 9.9 07-Oct-24 Information published. 10.0 08-Oct-24 Information published. 10.1 09-Oct-24 Information published. 10.2 10-Oct-24 Information published. 10.3 11-Oct-24 Information published. 10.4 12-Oct-24 Information published. 10.5 13-Oct-24 Information published. 10.6 14-Oct-24 Information published. 10.7 15-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 10.8 16-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 10.9 17-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.0 18-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.1 19-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.2 20-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.3 21-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.4 22-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.5 23-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.6 24-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.7 25-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.8 26-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 11.9 27-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.0 28-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.1 29-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.2 30-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.3 31-Oct-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.4 01-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.5 02-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.6 04-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.7 05-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.8 06-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 12.9 07-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.0 08-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.1 09-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.2 10-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.3 11-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.4 12-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.5 13-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.6 14-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.7 15-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.8 16-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 13.9 17-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.0 18-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.1 19-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.2 20-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.3 21-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.4 23-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.5 24-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.6 25-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.7 26-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.8 27-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 14.9 28-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.0 29-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.1 30-Nov-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.2 01-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.3 02-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.4 03-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.5 04-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.6 05-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.7 07-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.8 08-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 15.9 09-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.0 10-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.1 11-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.2 12-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.3 13-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.4 14-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.5 15-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.6 16-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.7 17-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.8 18-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 16.9 19-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.0 20-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.1 21-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.2 22-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.3 23-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.4 24-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.5 25-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.6 26-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.7 27-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.8 28-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 17.9 29-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.0 30-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.1 31-Dec-24 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.2 01-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.3 02-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.4 03-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.5 04-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.6 05-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.7 06-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.8 07-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 18.9 08-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 19.0 09-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 19.1 10-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 19.2 11-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 19.3 12-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 19.4 13-Jan-25 Added python3 to CBL-Mariner 2.0 Added python2 to CBL-Mariner 1.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2007-4559 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 1.0 ARM | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
2.7.18-5 | Unknown | None |
CBL Mariner 1.0 x64 | python2 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
2.7.18-5 | Unknown | None |
CBL Mariner 2.0 ARM | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-1 | Unknown | None |
CBL Mariner 2.0 x64 | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
3.9.19-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2007-4559 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2019-20907
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 18-Aug-20 Information published. 1.6 30-Jun-24 Information published. 1.7 08-Jul-24 Information published. 1.8 09-Jul-24 Information published. 1.9 10-Jul-24 Information published. 2.0 12-Jul-24 Information published. 2.1 13-Jul-24 Information published. 2.2 14-Jul-24 Information published. 2.3 15-Jul-24 Information published. 2.4 16-Jul-24 Information published. 2.5 17-Jul-24 Information published. 2.6 19-Jul-24 Information published. 2.7 20-Jul-24 Information published. 2.8 21-Jul-24 Information published. 2.9 22-Jul-24 Information published. 3.0 23-Jul-24 Information published. 3.1 24-Jul-24 Information published. 3.2 25-Jul-24 Information published. 3.3 26-Jul-24 Information published. 3.4 27-Jul-24 Information published. 3.5 28-Jul-24 Information published. 3.6 29-Jul-24 Information published. 3.7 02-Aug-24 Information published. 3.8 03-Aug-24 Information published. 3.9 04-Aug-24 Information published. 4.0 05-Aug-24 Information published. 4.1 06-Aug-24 Information published. 4.2 07-Aug-24 Information published. 4.3 08-Aug-24 Information published. 4.4 09-Aug-24 Information published. 4.5 10-Aug-24 Information published. 4.6 11-Aug-24 Information published. 4.7 12-Aug-24 Information published. 4.8 15-Aug-24 Information published. 4.9 16-Aug-24 Information published. 5.0 17-Aug-24 Information published. 5.1 18-Aug-24 Information published. 5.2 19-Aug-24 Information published. 5.3 20-Aug-24 Information published. 5.4 21-Aug-24 Information published. 5.5 22-Aug-24 Information published. 5.6 23-Aug-24 Information published. 5.7 24-Aug-24 Information published. 5.8 25-Aug-24 Information published. 5.9 26-Aug-24 Information published. 6.0 27-Aug-24 Information published. 6.1 28-Aug-24 Information published. 6.2 29-Aug-24 Information published. 6.3 30-Aug-24 Information published. 6.4 31-Aug-24 Information published. 6.5 01-Sep-24 Information published. 6.6 02-Sep-24 Information published. 6.7 03-Sep-24 Information published. 6.8 05-Sep-24 Information published. 6.9 06-Sep-24 Information published. 7.0 07-Sep-24 Information published. 7.1 08-Sep-24 Information published. 7.2 11-Sep-24 Information published. 7.3 12-Sep-24 Information published. 7.4 13-Sep-24 Information published. 7.5 14-Sep-24 Information published. 7.6 15-Sep-24 Information published. 7.7 16-Sep-24 Information published. 7.8 17-Sep-24 Information published. 7.9 18-Sep-24 Information published. 8.0 19-Sep-24 Information published. 8.1 20-Sep-24 Information published. 8.2 21-Sep-24 Information published. 8.3 22-Sep-24 Information published. 8.4 23-Sep-24 Information published. 8.5 24-Sep-24 Information published. 8.6 25-Sep-24 Information published. 8.7 26-Sep-24 Information published. 8.8 27-Sep-24 Information published. 8.9 28-Sep-24 Information published. 9.0 29-Sep-24 Information published. 9.1 30-Sep-24 Information published. 9.2 01-Oct-24 Information published. 9.3 02-Oct-24 Information published. 9.4 03-Oct-24 Information published. 9.5 04-Oct-24 Information published. 9.6 05-Oct-24 Information published. 9.7 06-Oct-24 Information published. 9.8 07-Oct-24 Information published. 9.9 08-Oct-24 Information published. 10.0 09-Oct-24 Information published. 10.1 10-Oct-24 Information published. 10.2 11-Oct-24 Information published. 10.3 12-Oct-24 Information published. 10.4 13-Oct-24 Information published. 10.5 14-Oct-24 Information published. 10.6 15-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 10.7 16-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 10.8 17-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 10.9 18-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.0 19-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.1 20-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.2 21-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.3 22-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.4 23-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.5 24-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.6 25-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.7 26-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.8 27-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 11.9 28-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.0 29-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.1 30-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.2 31-Oct-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.3 01-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.4 02-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.5 04-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.6 05-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.7 06-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.8 07-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 12.9 08-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.0 09-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.1 10-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.2 11-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.3 12-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.4 13-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.5 14-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.6 15-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.7 16-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.8 17-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 13.9 18-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.0 19-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.1 20-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.2 21-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.3 23-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.4 24-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.5 25-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.6 26-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.7 27-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.8 28-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 14.9 29-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.0 30-Nov-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.1 01-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.2 02-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.3 03-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.4 04-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.5 05-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.6 07-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.7 08-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.8 09-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 15.9 10-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.0 11-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.1 12-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.2 13-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.3 14-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.4 15-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.5 16-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.6 17-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.7 18-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.8 19-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 16.9 20-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.0 21-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.1 22-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.2 23-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.3 24-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.4 25-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.5 26-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.6 27-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.7 28-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.8 29-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 17.9 30-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.0 31-Dec-24 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.1 01-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.2 02-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.3 03-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.4 04-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.5 05-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.6 06-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.7 07-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.8 08-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 18.9 09-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 19.0 10-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 19.1 11-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 19.2 12-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 19.3 13-Jan-25 Added python3 to CBL-Mariner 1.0 Added python2 to CBL-Mariner 1.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2019-20907 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 1.0 ARM | python2 (CBL-Mariner) python3 (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.7.18-5 3.7.10-3 |
None | ||
CBL Mariner 1.0 x64 | python2 (CBL-Mariner) python3 (CBL-Mariner) |
Unknown | Unknown | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.7.18-5 3.7.10-3 |
None | ||
CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2019-20907 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-52338
MITRE NVD Issuing CNA: security@apache.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 0.1 13-Dec-24 Information published. 0.2 14-Dec-24 Information published. 0.3 15-Dec-24 Information published. 0.4 16-Dec-24 Information published. 0.5 17-Dec-24 Information published. 0.6 18-Dec-24 Information published. 0.7 19-Dec-24 Information published. 0.8 20-Dec-24 Information published. 0.9 21-Dec-24 Information published. 1.0 22-Dec-24 Information published. 1.1 23-Dec-24 Added libarrow to Azure Linux 3.0 1.2 24-Dec-24 Added libarrow to Azure Linux 3.0 1.3 25-Dec-24 Added libarrow to Azure Linux 3.0 1.4 26-Dec-24 Added libarrow to Azure Linux 3.0 1.5 27-Dec-24 Added libarrow to Azure Linux 3.0 1.6 28-Dec-24 Added libarrow to Azure Linux 3.0 1.7 29-Dec-24 Added libarrow to Azure Linux 3.0 1.8 30-Dec-24 Added libarrow to Azure Linux 3.0 1.9 31-Dec-24 Added libarrow to Azure Linux 3.0 2.0 01-Jan-25 Added libarrow to Azure Linux 3.0 2.1 02-Jan-25 Added libarrow to Azure Linux 3.0 2.2 03-Jan-25 Added libarrow to Azure Linux 3.0 2.3 04-Jan-25 Added libarrow to Azure Linux 3.0 2.4 05-Jan-25 Added libarrow to Azure Linux 3.0 2.5 06-Jan-25 Added libarrow to Azure Linux 3.0 2.6 07-Jan-25 Added libarrow to Azure Linux 3.0 2.7 08-Jan-25 Added libarrow to Azure Linux 3.0 2.8 09-Jan-25 Added libarrow to Azure Linux 3.0 2.9 10-Jan-25 Added libarrow to Azure Linux 3.0 3.0 11-Jan-25 Added libarrow to Azure Linux 3.0 3.1 12-Jan-25 Added libarrow to Azure Linux 3.0 3.2 13-Jan-25 Added libarrow to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-52338 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | libarrow (CBL-Mariner) | Unknown | Unknown | None | Base: 9.8 Temporal: 9.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.0.0-7 | Unknown | None |
Azure Linux 3.0 x64 | libarrow (CBL-Mariner) | Unknown | Unknown | None | Base: 9.8 Temporal: 9.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
15.0.0-7 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-52338 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-34062
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.8/TemporalScore:4.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 07-May-24 Information published. 1.1 30-Jun-24 Information published. 1.2 29-Aug-24 Information published. 1.3 30-Aug-24 Information published. 1.4 31-Aug-24 Information published. 1.5 01-Sep-24 Information published. 1.6 02-Sep-24 Information published. 1.7 03-Sep-24 Information published. 1.8 05-Sep-24 Information published. 1.9 06-Sep-24 Information published. 2.0 07-Sep-24 Information published. 2.1 08-Sep-24 Information published. 2.2 11-Sep-24 Information published. 2.3 12-Sep-24 Information published. 2.4 13-Sep-24 Information published. 2.5 14-Sep-24 Information published. 2.6 15-Sep-24 Information published. 2.7 16-Sep-24 Information published. 2.8 17-Sep-24 Information published. 2.9 18-Sep-24 Information published. 3.0 19-Sep-24 Information published. 3.1 20-Sep-24 Information published. 3.2 21-Sep-24 Information published. 3.3 22-Sep-24 Information published. 3.4 23-Sep-24 Information published. 3.5 24-Sep-24 Information published. 3.6 25-Sep-24 Information published. 3.7 26-Sep-24 Information published. 3.8 27-Sep-24 Information published. 3.9 28-Sep-24 Information published. 4.0 29-Sep-24 Information published. 4.1 30-Sep-24 Information published. 4.2 01-Oct-24 Information published. 4.3 02-Oct-24 Information published. 4.4 03-Oct-24 Information published. 4.5 04-Oct-24 Information published. 4.6 05-Oct-24 Information published. 4.7 06-Oct-24 Information published. 4.8 07-Oct-24 Information published. 4.9 08-Oct-24 Information published. 5.0 09-Oct-24 Information published. 5.1 10-Oct-24 Information published. 5.2 11-Oct-24 Information published. 5.3 12-Oct-24 Information published. 5.4 13-Oct-24 Information published. 5.5 14-Oct-24 Information published. 5.6 15-Oct-24 Added python-tqdm to CBL-Mariner 2.0 5.7 16-Oct-24 Added python-tqdm to CBL-Mariner 2.0 5.8 17-Oct-24 Added python-tqdm to CBL-Mariner 2.0 5.9 18-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.0 19-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.1 20-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.2 21-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.3 22-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.4 23-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.5 24-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.6 25-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.7 26-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.8 27-Oct-24 Added python-tqdm to CBL-Mariner 2.0 6.9 28-Oct-24 Added python-tqdm to CBL-Mariner 2.0 7.0 29-Oct-24 Added python-tqdm to CBL-Mariner 2.0 7.1 30-Oct-24 Added python-tqdm to CBL-Mariner 2.0 7.2 31-Oct-24 Added python-tqdm to CBL-Mariner 2.0 7.3 01-Nov-24 Added python-tqdm to CBL-Mariner 2.0 7.4 02-Nov-24 Added python-tqdm to CBL-Mariner 2.0 7.5 04-Nov-24 Added python-tqdm to CBL-Mariner 2.0 7.6 05-Nov-24 Added python-tqdm to CBL-Mariner 2.0 7.7 06-Nov-24 Added python-tqdm to CBL-Mariner 2.0 7.8 07-Nov-24 Added python-tqdm to CBL-Mariner 2.0 7.9 08-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.0 09-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.1 10-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.2 11-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.3 12-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.4 13-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.5 14-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.6 15-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.7 16-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.8 17-Nov-24 Added python-tqdm to CBL-Mariner 2.0 8.9 18-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.0 19-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.1 20-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.2 21-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.3 23-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.4 24-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.5 25-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.6 26-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.7 27-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.8 28-Nov-24 Added python-tqdm to CBL-Mariner 2.0 9.9 29-Nov-24 Added python-tqdm to CBL-Mariner 2.0 10.0 30-Nov-24 Added python-tqdm to CBL-Mariner 2.0 10.1 01-Dec-24 Added python-tqdm to CBL-Mariner 2.0 10.2 02-Dec-24 Added python-tqdm to CBL-Mariner 2.0 10.3 03-Dec-24 Added python-tqdm to CBL-Mariner 2.0 10.4 04-Dec-24 Added python-tqdm to CBL-Mariner 2.0 10.5 05-Dec-24 Added python-tqdm to CBL-Mariner 2.0 10.6 07-Dec-24 Added python-tqdm to CBL-Mariner 2.0 10.7 08-Dec-24 Added python-tqdm to CBL-Mariner 2.0 10.8 09-Dec-24 Added python-tqdm to CBL-Mariner 2.0 10.9 10-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.0 11-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.1 12-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.2 13-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.3 14-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.4 15-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.5 16-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.6 17-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.7 18-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.8 19-Dec-24 Added python-tqdm to CBL-Mariner 2.0 11.9 20-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.0 21-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.1 22-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.2 23-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.3 24-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.4 25-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.5 26-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.6 27-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.7 28-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.8 29-Dec-24 Added python-tqdm to CBL-Mariner 2.0 12.9 30-Dec-24 Added python-tqdm to CBL-Mariner 2.0 13.0 31-Dec-24 Added python-tqdm to CBL-Mariner 2.0 13.1 01-Jan-25 Added python-tqdm to CBL-Mariner 2.0 13.2 02-Jan-25 Added python-tqdm to CBL-Mariner 2.0 13.3 03-Jan-25 Added python-tqdm to CBL-Mariner 2.0 13.4 04-Jan-25 Added python-tqdm to CBL-Mariner 2.0 13.5 05-Jan-25 Added python-tqdm to CBL-Mariner 2.0 13.6 06-Jan-25 Added python-tqdm to CBL-Mariner 2.0 13.7 07-Jan-25 Added python-tqdm to CBL-Mariner 2.0 13.8 08-Jan-25 Added python-tqdm to CBL-Mariner 2.0 13.9 09-Jan-25 Added python-tqdm to CBL-Mariner 2.0 14.0 10-Jan-25 Added python-tqdm to CBL-Mariner 2.0 14.1 11-Jan-25 Added python-tqdm to CBL-Mariner 2.0 14.2 12-Jan-25 Added python-tqdm to CBL-Mariner 2.0 14.3 13-Jan-25 Added python-tqdm to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-34062 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 4.8 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 4.8 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | python-tqdm (CBL-Mariner) | Unknown | Unknown | None | Base: 4.8 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
4.63.1-3 | Unknown | None |
CBL Mariner 2.0 x64 | python-tqdm (CBL-Mariner) | Unknown | Unknown | None | Base: 4.8 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
4.63.1-3 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-34062 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2021-23336
MITRE NVD Issuing CNA: report@snyk.io |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 27-Feb-21 Information published. 1.6 30-Jun-24 Information published. 1.7 08-Jul-24 Information published. 1.8 09-Jul-24 Information published. 1.9 10-Jul-24 Information published. 2.0 12-Jul-24 Information published. 2.1 13-Jul-24 Information published. 2.2 14-Jul-24 Information published. 2.3 15-Jul-24 Information published. 2.4 16-Jul-24 Information published. 2.5 17-Jul-24 Information published. 2.6 19-Jul-24 Information published. 2.7 20-Jul-24 Information published. 2.8 21-Jul-24 Information published. 2.9 22-Jul-24 Information published. 3.0 23-Jul-24 Information published. 3.1 24-Jul-24 Information published. 3.2 25-Jul-24 Information published. 3.3 26-Jul-24 Information published. 3.4 27-Jul-24 Information published. 3.5 28-Jul-24 Information published. 3.6 29-Jul-24 Information published. 3.7 02-Aug-24 Information published. 3.8 03-Aug-24 Information published. 3.9 04-Aug-24 Information published. 4.0 05-Aug-24 Information published. 4.1 06-Aug-24 Information published. 4.2 07-Aug-24 Information published. 4.3 08-Aug-24 Information published. 4.4 09-Aug-24 Information published. 4.5 10-Aug-24 Information published. 4.6 11-Aug-24 Information published. 4.7 12-Aug-24 Information published. 4.8 15-Aug-24 Information published. 4.9 16-Aug-24 Information published. 5.0 17-Aug-24 Information published. 5.1 18-Aug-24 Information published. 5.2 19-Aug-24 Information published. 5.3 20-Aug-24 Information published. 5.4 21-Aug-24 Information published. 5.5 22-Aug-24 Information published. 5.6 23-Aug-24 Information published. 5.7 24-Aug-24 Information published. 5.8 25-Aug-24 Information published. 5.9 26-Aug-24 Information published. 6.0 27-Aug-24 Information published. 6.1 28-Aug-24 Information published. 6.2 29-Aug-24 Information published. 6.3 30-Aug-24 Information published. 6.4 31-Aug-24 Information published. 6.5 01-Sep-24 Information published. 6.6 02-Sep-24 Information published. 6.7 03-Sep-24 Information published. 6.8 05-Sep-24 Information published. 6.9 06-Sep-24 Information published. 7.0 07-Sep-24 Information published. 7.1 08-Sep-24 Information published. 7.2 11-Sep-24 Information published. 7.3 12-Sep-24 Information published. 7.4 13-Sep-24 Information published. 7.5 14-Sep-24 Information published. 7.6 15-Sep-24 Information published. 7.7 16-Sep-24 Information published. 7.8 17-Sep-24 Information published. 7.9 18-Sep-24 Information published. 8.0 19-Sep-24 Information published. 8.1 20-Sep-24 Information published. 8.2 21-Sep-24 Information published. 8.3 22-Sep-24 Information published. 8.4 23-Sep-24 Information published. 8.5 24-Sep-24 Information published. 8.6 25-Sep-24 Information published. 8.7 26-Sep-24 Information published. 8.8 27-Sep-24 Information published. 8.9 28-Sep-24 Information published. 9.0 29-Sep-24 Information published. 9.1 30-Sep-24 Information published. 9.2 01-Oct-24 Information published. 9.3 02-Oct-24 Information published. 9.4 03-Oct-24 Information published. 9.5 04-Oct-24 Information published. 9.6 05-Oct-24 Information published. 9.7 06-Oct-24 Information published. 9.8 07-Oct-24 Information published. 9.9 08-Oct-24 Information published. 10.0 09-Oct-24 Information published. 10.1 10-Oct-24 Information published. 10.2 11-Oct-24 Information published. 10.3 12-Oct-24 Information published. 10.4 13-Oct-24 Information published. 10.5 14-Oct-24 Information published. 10.6 15-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 10.7 16-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 10.8 17-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 10.9 18-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.0 19-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.1 20-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.2 21-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.3 22-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.4 23-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.5 24-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.6 25-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.7 26-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.8 27-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 11.9 28-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.0 29-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.1 30-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.2 31-Oct-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.3 01-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.4 02-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.5 04-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.6 05-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.7 06-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.8 07-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 12.9 08-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.0 09-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.1 10-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.2 11-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.3 12-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.4 13-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.5 14-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.6 15-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.7 16-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.8 17-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 13.9 18-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.0 19-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.1 20-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.2 21-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.3 23-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.4 24-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.5 25-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.6 26-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.7 27-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.8 28-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 14.9 29-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.0 30-Nov-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.1 01-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.2 02-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.3 03-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.4 04-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.5 05-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.6 07-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.7 08-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.8 09-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 15.9 10-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.0 11-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.1 12-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.2 13-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.3 14-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.4 15-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.5 16-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.6 17-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.7 18-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.8 19-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 16.9 20-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.0 21-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.1 22-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.2 23-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.3 24-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.4 25-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.5 26-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.6 27-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.7 28-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.8 29-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 17.9 30-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.0 31-Dec-24 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.1 01-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.2 02-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.3 03-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.4 04-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.5 05-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.6 06-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.7 07-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.8 08-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 18.9 09-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 19.0 10-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 19.1 11-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 19.2 12-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 19.3 13-Jan-25 Added python2 to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-23336 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 1.0 ARM | python2 (CBL-Mariner) python3 (CBL-Mariner) |
Unknown | Unknown | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H |
2.7.18-6 3.7.10-3 |
None | ||
CBL Mariner 1.0 x64 | python2 (CBL-Mariner) python3 (CBL-Mariner) |
Unknown | Unknown | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H |
2.7.18-6 3.7.10-3 |
None | ||
CBL Mariner 2.0 ARM | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H |
Unknown | Unknown | None | |
CBL Mariner 2.0 x64 | Unknown | Unknown | None | Base: 5.9 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H |
Unknown | Unknown | None |
CVE ID | Acknowledgements |
CVE-2021-23336 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-32021
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:3.9/TemporalScore:3.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 17-May-24 Information published. 1.1 30-Jun-24 Information published. 1.2 29-Aug-24 Information published. 1.3 30-Aug-24 Information published. 1.4 31-Aug-24 Information published. 1.5 01-Sep-24 Information published. 1.6 02-Sep-24 Information published. 1.7 03-Sep-24 Information published. 1.8 05-Sep-24 Information published. 1.9 06-Sep-24 Information published. 2.0 07-Sep-24 Information published. 2.1 08-Sep-24 Information published. 2.2 11-Sep-24 Information published. 2.3 12-Sep-24 Information published. 2.4 13-Sep-24 Information published. 2.5 14-Sep-24 Information published. 2.6 15-Sep-24 Information published. 2.7 16-Sep-24 Information published. 2.8 17-Sep-24 Information published. 2.9 18-Sep-24 Information published. 3.0 19-Sep-24 Information published. 3.1 20-Sep-24 Information published. 3.2 21-Sep-24 Information published. 3.3 22-Sep-24 Information published. 3.4 23-Sep-24 Information published. 3.5 24-Sep-24 Information published. 3.6 25-Sep-24 Information published. 3.7 26-Sep-24 Information published. 3.8 27-Sep-24 Information published. 3.9 28-Sep-24 Information published. 4.0 29-Sep-24 Information published. 4.1 30-Sep-24 Information published. 4.2 01-Oct-24 Information published. 4.3 02-Oct-24 Information published. 4.4 03-Oct-24 Information published. 4.5 04-Oct-24 Information published. 4.6 05-Oct-24 Information published. 4.7 06-Oct-24 Information published. 4.8 07-Oct-24 Information published. 4.9 08-Oct-24 Information published. 5.0 09-Oct-24 Information published. 5.1 10-Oct-24 Information published. 5.2 11-Oct-24 Information published. 5.3 12-Oct-24 Information published. 5.4 13-Oct-24 Information published. 5.5 14-Oct-24 Information published. 5.6 15-Oct-24 Added git to CBL-Mariner 2.0 5.7 16-Oct-24 Added git to CBL-Mariner 2.0 5.8 17-Oct-24 Added git to CBL-Mariner 2.0 5.9 18-Oct-24 Added git to CBL-Mariner 2.0 6.0 19-Oct-24 Added git to CBL-Mariner 2.0 6.1 20-Oct-24 Added git to CBL-Mariner 2.0 6.2 21-Oct-24 Added git to CBL-Mariner 2.0 6.3 22-Oct-24 Added git to CBL-Mariner 2.0 6.4 23-Oct-24 Added git to CBL-Mariner 2.0 6.5 24-Oct-24 Added git to CBL-Mariner 2.0 6.6 25-Oct-24 Added git to CBL-Mariner 2.0 6.7 26-Oct-24 Added git to CBL-Mariner 2.0 6.8 27-Oct-24 Added git to CBL-Mariner 2.0 6.9 28-Oct-24 Added git to CBL-Mariner 2.0 7.0 29-Oct-24 Added git to CBL-Mariner 2.0 7.1 30-Oct-24 Added git to CBL-Mariner 2.0 7.2 31-Oct-24 Added git to CBL-Mariner 2.0 7.3 01-Nov-24 Added git to CBL-Mariner 2.0 7.4 02-Nov-24 Added git to CBL-Mariner 2.0 7.5 04-Nov-24 Added git to CBL-Mariner 2.0 7.6 05-Nov-24 Added git to CBL-Mariner 2.0 7.7 06-Nov-24 Added git to CBL-Mariner 2.0 7.8 07-Nov-24 Added git to CBL-Mariner 2.0 7.9 08-Nov-24 Added git to CBL-Mariner 2.0 8.0 09-Nov-24 Added git to CBL-Mariner 2.0 8.1 10-Nov-24 Added git to CBL-Mariner 2.0 8.2 11-Nov-24 Added git to CBL-Mariner 2.0 8.3 12-Nov-24 Added git to CBL-Mariner 2.0 8.4 13-Nov-24 Added git to CBL-Mariner 2.0 8.5 14-Nov-24 Added git to CBL-Mariner 2.0 8.6 15-Nov-24 Added git to CBL-Mariner 2.0 8.7 16-Nov-24 Added git to CBL-Mariner 2.0 8.8 17-Nov-24 Added git to CBL-Mariner 2.0 8.9 18-Nov-24 Added git to CBL-Mariner 2.0 9.0 19-Nov-24 Added git to CBL-Mariner 2.0 9.1 20-Nov-24 Added git to CBL-Mariner 2.0 9.2 21-Nov-24 Added git to CBL-Mariner 2.0 9.3 23-Nov-24 Added git to CBL-Mariner 2.0 9.4 24-Nov-24 Added git to CBL-Mariner 2.0 9.5 25-Nov-24 Added git to CBL-Mariner 2.0 9.6 26-Nov-24 Added git to CBL-Mariner 2.0 9.7 27-Nov-24 Added git to CBL-Mariner 2.0 9.8 28-Nov-24 Added git to CBL-Mariner 2.0 9.9 29-Nov-24 Added git to CBL-Mariner 2.0 10.0 30-Nov-24 Added git to CBL-Mariner 2.0 10.1 01-Dec-24 Added git to CBL-Mariner 2.0 10.2 02-Dec-24 Added git to CBL-Mariner 2.0 10.3 03-Dec-24 Added git to CBL-Mariner 2.0 10.4 04-Dec-24 Added git to CBL-Mariner 2.0 10.5 05-Dec-24 Added git to CBL-Mariner 2.0 10.6 07-Dec-24 Added git to CBL-Mariner 2.0 10.7 08-Dec-24 Added git to CBL-Mariner 2.0 10.8 09-Dec-24 Added git to CBL-Mariner 2.0 10.9 10-Dec-24 Added git to CBL-Mariner 2.0 11.0 11-Dec-24 Added git to CBL-Mariner 2.0 11.1 12-Dec-24 Added git to CBL-Mariner 2.0 11.2 13-Dec-24 Added git to CBL-Mariner 2.0 11.3 14-Dec-24 Added git to CBL-Mariner 2.0 11.4 15-Dec-24 Added git to CBL-Mariner 2.0 11.5 16-Dec-24 Added git to CBL-Mariner 2.0 11.6 17-Dec-24 Added git to CBL-Mariner 2.0 11.7 18-Dec-24 Added git to CBL-Mariner 2.0 11.8 19-Dec-24 Added git to CBL-Mariner 2.0 11.9 20-Dec-24 Added git to CBL-Mariner 2.0 12.0 21-Dec-24 Added git to CBL-Mariner 2.0 12.1 22-Dec-24 Added git to CBL-Mariner 2.0 12.2 23-Dec-24 Added git to CBL-Mariner 2.0 12.3 24-Dec-24 Added git to CBL-Mariner 2.0 12.4 25-Dec-24 Added git to CBL-Mariner 2.0 12.5 26-Dec-24 Added git to CBL-Mariner 2.0 12.6 27-Dec-24 Added git to CBL-Mariner 2.0 12.7 28-Dec-24 Added git to CBL-Mariner 2.0 12.8 29-Dec-24 Added git to CBL-Mariner 2.0 12.9 30-Dec-24 Added git to CBL-Mariner 2.0 13.0 31-Dec-24 Added git to CBL-Mariner 2.0 13.1 01-Jan-25 Added git to CBL-Mariner 2.0 13.2 02-Jan-25 Added git to CBL-Mariner 2.0 13.3 03-Jan-25 Added git to CBL-Mariner 2.0 13.4 04-Jan-25 Added git to CBL-Mariner 2.0 13.5 05-Jan-25 Added git to CBL-Mariner 2.0 13.6 06-Jan-25 Added git to CBL-Mariner 2.0 13.7 07-Jan-25 Added git to CBL-Mariner 2.0 13.8 08-Jan-25 Added git to CBL-Mariner 2.0 13.9 09-Jan-25 Added git to CBL-Mariner 2.0 14.0 10-Jan-25 Added git to CBL-Mariner 2.0 14.1 11-Jan-25 Added git to CBL-Mariner 2.0 14.2 12-Jan-25 Added git to CBL-Mariner 2.0 14.3 13-Jan-25 Added git to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-32021 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | git (CBL-Mariner) | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L |
2.39.4-1 | Unknown | None |
CBL Mariner 2.0 x64 | git (CBL-Mariner) | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L |
2.39.4-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-32021 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-32020
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:3.9/TemporalScore:3.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 17-May-24 Information published. 1.1 30-Jun-24 Information published. 1.2 29-Aug-24 Information published. 1.3 30-Aug-24 Information published. 1.4 31-Aug-24 Information published. 1.5 01-Sep-24 Information published. 1.6 02-Sep-24 Information published. 1.7 03-Sep-24 Information published. 1.8 05-Sep-24 Information published. 1.9 06-Sep-24 Information published. 2.0 07-Sep-24 Information published. 2.1 08-Sep-24 Information published. 2.2 11-Sep-24 Information published. 2.3 12-Sep-24 Information published. 2.4 13-Sep-24 Information published. 2.5 14-Sep-24 Information published. 2.6 15-Sep-24 Information published. 2.7 16-Sep-24 Information published. 2.8 17-Sep-24 Information published. 2.9 18-Sep-24 Information published. 3.0 19-Sep-24 Information published. 3.1 20-Sep-24 Information published. 3.2 21-Sep-24 Information published. 3.3 22-Sep-24 Information published. 3.4 23-Sep-24 Information published. 3.5 24-Sep-24 Information published. 3.6 25-Sep-24 Information published. 3.7 26-Sep-24 Information published. 3.8 27-Sep-24 Information published. 3.9 28-Sep-24 Information published. 4.0 29-Sep-24 Information published. 4.1 30-Sep-24 Information published. 4.2 01-Oct-24 Information published. 4.3 02-Oct-24 Information published. 4.4 03-Oct-24 Information published. 4.5 04-Oct-24 Information published. 4.6 05-Oct-24 Information published. 4.7 06-Oct-24 Information published. 4.8 07-Oct-24 Information published. 4.9 08-Oct-24 Information published. 5.0 09-Oct-24 Information published. 5.1 10-Oct-24 Information published. 5.2 11-Oct-24 Information published. 5.3 12-Oct-24 Information published. 5.4 13-Oct-24 Information published. 5.5 14-Oct-24 Information published. 5.6 15-Oct-24 Added git to CBL-Mariner 2.0 5.7 16-Oct-24 Added git to CBL-Mariner 2.0 5.8 17-Oct-24 Added git to CBL-Mariner 2.0 5.9 18-Oct-24 Added git to CBL-Mariner 2.0 6.0 19-Oct-24 Added git to CBL-Mariner 2.0 6.1 20-Oct-24 Added git to CBL-Mariner 2.0 6.2 21-Oct-24 Added git to CBL-Mariner 2.0 6.3 22-Oct-24 Added git to CBL-Mariner 2.0 6.4 23-Oct-24 Added git to CBL-Mariner 2.0 6.5 24-Oct-24 Added git to CBL-Mariner 2.0 6.6 25-Oct-24 Added git to CBL-Mariner 2.0 6.7 26-Oct-24 Added git to CBL-Mariner 2.0 6.8 27-Oct-24 Added git to CBL-Mariner 2.0 6.9 28-Oct-24 Added git to CBL-Mariner 2.0 7.0 29-Oct-24 Added git to CBL-Mariner 2.0 7.1 30-Oct-24 Added git to CBL-Mariner 2.0 7.2 31-Oct-24 Added git to CBL-Mariner 2.0 7.3 01-Nov-24 Added git to CBL-Mariner 2.0 7.4 02-Nov-24 Added git to CBL-Mariner 2.0 7.5 04-Nov-24 Added git to CBL-Mariner 2.0 7.6 05-Nov-24 Added git to CBL-Mariner 2.0 7.7 06-Nov-24 Added git to CBL-Mariner 2.0 7.8 07-Nov-24 Added git to CBL-Mariner 2.0 7.9 08-Nov-24 Added git to CBL-Mariner 2.0 8.0 09-Nov-24 Added git to CBL-Mariner 2.0 8.1 10-Nov-24 Added git to CBL-Mariner 2.0 8.2 11-Nov-24 Added git to CBL-Mariner 2.0 8.3 12-Nov-24 Added git to CBL-Mariner 2.0 8.4 13-Nov-24 Added git to CBL-Mariner 2.0 8.5 14-Nov-24 Added git to CBL-Mariner 2.0 8.6 15-Nov-24 Added git to CBL-Mariner 2.0 8.7 16-Nov-24 Added git to CBL-Mariner 2.0 8.8 17-Nov-24 Added git to CBL-Mariner 2.0 8.9 18-Nov-24 Added git to CBL-Mariner 2.0 9.0 19-Nov-24 Added git to CBL-Mariner 2.0 9.1 20-Nov-24 Added git to CBL-Mariner 2.0 9.2 21-Nov-24 Added git to CBL-Mariner 2.0 9.3 23-Nov-24 Added git to CBL-Mariner 2.0 9.4 24-Nov-24 Added git to CBL-Mariner 2.0 9.5 25-Nov-24 Added git to CBL-Mariner 2.0 9.6 26-Nov-24 Added git to CBL-Mariner 2.0 9.7 27-Nov-24 Added git to CBL-Mariner 2.0 9.8 28-Nov-24 Added git to CBL-Mariner 2.0 9.9 29-Nov-24 Added git to CBL-Mariner 2.0 10.0 30-Nov-24 Added git to CBL-Mariner 2.0 10.1 01-Dec-24 Added git to CBL-Mariner 2.0 10.2 02-Dec-24 Added git to CBL-Mariner 2.0 10.3 03-Dec-24 Added git to CBL-Mariner 2.0 10.4 04-Dec-24 Added git to CBL-Mariner 2.0 10.5 05-Dec-24 Added git to CBL-Mariner 2.0 10.6 07-Dec-24 Added git to CBL-Mariner 2.0 10.7 08-Dec-24 Added git to CBL-Mariner 2.0 10.8 09-Dec-24 Added git to CBL-Mariner 2.0 10.9 10-Dec-24 Added git to CBL-Mariner 2.0 11.0 11-Dec-24 Added git to CBL-Mariner 2.0 11.1 12-Dec-24 Added git to CBL-Mariner 2.0 11.2 13-Dec-24 Added git to CBL-Mariner 2.0 11.3 14-Dec-24 Added git to CBL-Mariner 2.0 11.4 15-Dec-24 Added git to CBL-Mariner 2.0 11.5 16-Dec-24 Added git to CBL-Mariner 2.0 11.6 17-Dec-24 Added git to CBL-Mariner 2.0 11.7 18-Dec-24 Added git to CBL-Mariner 2.0 11.8 19-Dec-24 Added git to CBL-Mariner 2.0 11.9 20-Dec-24 Added git to CBL-Mariner 2.0 12.0 21-Dec-24 Added git to CBL-Mariner 2.0 12.1 22-Dec-24 Added git to CBL-Mariner 2.0 12.2 23-Dec-24 Added git to CBL-Mariner 2.0 12.3 24-Dec-24 Added git to CBL-Mariner 2.0 12.4 25-Dec-24 Added git to CBL-Mariner 2.0 12.5 26-Dec-24 Added git to CBL-Mariner 2.0 12.6 27-Dec-24 Added git to CBL-Mariner 2.0 12.7 28-Dec-24 Added git to CBL-Mariner 2.0 12.8 29-Dec-24 Added git to CBL-Mariner 2.0 12.9 30-Dec-24 Added git to CBL-Mariner 2.0 13.0 31-Dec-24 Added git to CBL-Mariner 2.0 13.1 01-Jan-25 Added git to CBL-Mariner 2.0 13.2 02-Jan-25 Added git to CBL-Mariner 2.0 13.3 03-Jan-25 Added git to CBL-Mariner 2.0 13.4 04-Jan-25 Added git to CBL-Mariner 2.0 13.5 05-Jan-25 Added git to CBL-Mariner 2.0 13.6 06-Jan-25 Added git to CBL-Mariner 2.0 13.7 07-Jan-25 Added git to CBL-Mariner 2.0 13.8 08-Jan-25 Added git to CBL-Mariner 2.0 13.9 09-Jan-25 Added git to CBL-Mariner 2.0 14.0 10-Jan-25 Added git to CBL-Mariner 2.0 14.1 11-Jan-25 Added git to CBL-Mariner 2.0 14.2 12-Jan-25 Added git to CBL-Mariner 2.0 14.3 13-Jan-25 Added git to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-32020 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | git (CBL-Mariner) | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L |
2.39.4-1 | Unknown | None |
CBL Mariner 2.0 x64 | git (CBL-Mariner) | Unknown | Unknown | None | Base: 3.9 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L |
2.39.4-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-32020 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-32465
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:7.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 17-May-24 Information published. 1.1 30-Jun-24 Information published. 1.2 29-Aug-24 Information published. 1.3 30-Aug-24 Information published. 1.4 31-Aug-24 Information published. 1.5 01-Sep-24 Information published. 1.6 02-Sep-24 Information published. 1.7 03-Sep-24 Information published. 1.8 05-Sep-24 Information published. 1.9 06-Sep-24 Information published. 2.0 07-Sep-24 Information published. 2.1 08-Sep-24 Information published. 2.2 11-Sep-24 Information published. 2.3 12-Sep-24 Information published. 2.4 13-Sep-24 Information published. 2.5 14-Sep-24 Information published. 2.6 15-Sep-24 Information published. 2.7 16-Sep-24 Information published. 2.8 17-Sep-24 Information published. 2.9 18-Sep-24 Information published. 3.0 19-Sep-24 Information published. 3.1 20-Sep-24 Information published. 3.2 21-Sep-24 Information published. 3.3 22-Sep-24 Information published. 3.4 23-Sep-24 Information published. 3.5 24-Sep-24 Information published. 3.6 25-Sep-24 Information published. 3.7 26-Sep-24 Information published. 3.8 27-Sep-24 Information published. 3.9 28-Sep-24 Information published. 4.0 29-Sep-24 Information published. 4.1 30-Sep-24 Information published. 4.2 01-Oct-24 Information published. 4.3 02-Oct-24 Information published. 4.4 03-Oct-24 Information published. 4.5 04-Oct-24 Information published. 4.6 05-Oct-24 Information published. 4.7 06-Oct-24 Information published. 4.8 07-Oct-24 Information published. 4.9 08-Oct-24 Information published. 5.0 09-Oct-24 Information published. 5.1 10-Oct-24 Information published. 5.2 11-Oct-24 Information published. 5.3 12-Oct-24 Information published. 5.4 13-Oct-24 Information published. 5.5 14-Oct-24 Information published. 5.6 15-Oct-24 Added git to CBL-Mariner 2.0 5.7 16-Oct-24 Added git to CBL-Mariner 2.0 5.8 17-Oct-24 Added git to CBL-Mariner 2.0 5.9 18-Oct-24 Added git to CBL-Mariner 2.0 6.0 19-Oct-24 Added git to CBL-Mariner 2.0 6.1 20-Oct-24 Added git to CBL-Mariner 2.0 6.2 21-Oct-24 Added git to CBL-Mariner 2.0 6.3 22-Oct-24 Added git to CBL-Mariner 2.0 6.4 23-Oct-24 Added git to CBL-Mariner 2.0 6.5 24-Oct-24 Added git to CBL-Mariner 2.0 6.6 25-Oct-24 Added git to CBL-Mariner 2.0 6.7 26-Oct-24 Added git to CBL-Mariner 2.0 6.8 27-Oct-24 Added git to CBL-Mariner 2.0 6.9 28-Oct-24 Added git to CBL-Mariner 2.0 7.0 29-Oct-24 Added git to CBL-Mariner 2.0 7.1 30-Oct-24 Added git to CBL-Mariner 2.0 7.2 31-Oct-24 Added git to CBL-Mariner 2.0 7.3 01-Nov-24 Added git to CBL-Mariner 2.0 7.4 02-Nov-24 Added git to CBL-Mariner 2.0 7.5 04-Nov-24 Added git to CBL-Mariner 2.0 7.6 05-Nov-24 Added git to CBL-Mariner 2.0 7.7 06-Nov-24 Added git to CBL-Mariner 2.0 7.8 07-Nov-24 Added git to CBL-Mariner 2.0 7.9 08-Nov-24 Added git to CBL-Mariner 2.0 8.0 09-Nov-24 Added git to CBL-Mariner 2.0 8.1 10-Nov-24 Added git to CBL-Mariner 2.0 8.2 11-Nov-24 Added git to CBL-Mariner 2.0 8.3 12-Nov-24 Added git to CBL-Mariner 2.0 8.4 13-Nov-24 Added git to CBL-Mariner 2.0 8.5 14-Nov-24 Added git to CBL-Mariner 2.0 8.6 15-Nov-24 Added git to CBL-Mariner 2.0 8.7 16-Nov-24 Added git to CBL-Mariner 2.0 8.8 17-Nov-24 Added git to CBL-Mariner 2.0 8.9 18-Nov-24 Added git to CBL-Mariner 2.0 9.0 19-Nov-24 Added git to CBL-Mariner 2.0 9.1 20-Nov-24 Added git to CBL-Mariner 2.0 9.2 21-Nov-24 Added git to CBL-Mariner 2.0 9.3 23-Nov-24 Added git to CBL-Mariner 2.0 9.4 24-Nov-24 Added git to CBL-Mariner 2.0 9.5 25-Nov-24 Added git to CBL-Mariner 2.0 9.6 26-Nov-24 Added git to CBL-Mariner 2.0 9.7 27-Nov-24 Added git to CBL-Mariner 2.0 9.8 28-Nov-24 Added git to CBL-Mariner 2.0 9.9 29-Nov-24 Added git to CBL-Mariner 2.0 10.0 30-Nov-24 Added git to CBL-Mariner 2.0 10.1 01-Dec-24 Added git to CBL-Mariner 2.0 10.2 02-Dec-24 Added git to CBL-Mariner 2.0 10.3 03-Dec-24 Added git to CBL-Mariner 2.0 10.4 04-Dec-24 Added git to CBL-Mariner 2.0 10.5 05-Dec-24 Added git to CBL-Mariner 2.0 10.6 07-Dec-24 Added git to CBL-Mariner 2.0 10.7 08-Dec-24 Added git to CBL-Mariner 2.0 10.8 09-Dec-24 Added git to CBL-Mariner 2.0 10.9 10-Dec-24 Added git to CBL-Mariner 2.0 11.0 11-Dec-24 Added git to CBL-Mariner 2.0 11.1 12-Dec-24 Added git to CBL-Mariner 2.0 11.2 13-Dec-24 Added git to CBL-Mariner 2.0 11.3 14-Dec-24 Added git to CBL-Mariner 2.0 11.4 15-Dec-24 Added git to CBL-Mariner 2.0 11.5 16-Dec-24 Added git to CBL-Mariner 2.0 11.6 17-Dec-24 Added git to CBL-Mariner 2.0 11.7 18-Dec-24 Added git to CBL-Mariner 2.0 11.8 19-Dec-24 Added git to CBL-Mariner 2.0 11.9 20-Dec-24 Added git to CBL-Mariner 2.0 12.0 21-Dec-24 Added git to CBL-Mariner 2.0 12.1 22-Dec-24 Added git to CBL-Mariner 2.0 12.2 23-Dec-24 Added git to CBL-Mariner 2.0 12.3 24-Dec-24 Added git to CBL-Mariner 2.0 12.4 25-Dec-24 Added git to CBL-Mariner 2.0 12.5 26-Dec-24 Added git to CBL-Mariner 2.0 12.6 27-Dec-24 Added git to CBL-Mariner 2.0 12.7 28-Dec-24 Added git to CBL-Mariner 2.0 12.8 29-Dec-24 Added git to CBL-Mariner 2.0 12.9 30-Dec-24 Added git to CBL-Mariner 2.0 13.0 31-Dec-24 Added git to CBL-Mariner 2.0 13.1 01-Jan-25 Added git to CBL-Mariner 2.0 13.2 02-Jan-25 Added git to CBL-Mariner 2.0 13.3 03-Jan-25 Added git to CBL-Mariner 2.0 13.4 04-Jan-25 Added git to CBL-Mariner 2.0 13.5 05-Jan-25 Added git to CBL-Mariner 2.0 13.6 06-Jan-25 Added git to CBL-Mariner 2.0 13.7 07-Jan-25 Added git to CBL-Mariner 2.0 13.8 08-Jan-25 Added git to CBL-Mariner 2.0 13.9 09-Jan-25 Added git to CBL-Mariner 2.0 14.0 10-Jan-25 Added git to CBL-Mariner 2.0 14.1 11-Jan-25 Added git to CBL-Mariner 2.0 14.2 12-Jan-25 Added git to CBL-Mariner 2.0 14.3 13-Jan-25 Added git to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-32465 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | git (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
2.39.4-1 | Unknown | None |
CBL Mariner 2.0 x64 | git (CBL-Mariner) | Unknown | Unknown | None | Base: 7.3 Temporal: 7.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
2.39.4-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-32465 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-10963
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:7.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 0.1 19-Dec-24 Information published. 0.2 24-Dec-24 Information published. 0.3 25-Dec-24 Information published. 0.4 26-Dec-24 Information published. 0.5 27-Dec-24 Information published. 0.6 28-Dec-24 Information published. 0.7 29-Dec-24 Information published. 0.8 30-Dec-24 Information published. 0.9 31-Dec-24 Information published. 1.0 01-Jan-25 Information published. 1.1 02-Jan-25 Added pam to Azure Linux 3.0 1.2 03-Jan-25 Added pam to Azure Linux 3.0 1.3 04-Jan-25 Added pam to Azure Linux 3.0 1.4 05-Jan-25 Added pam to Azure Linux 3.0 1.5 06-Jan-25 Added pam to Azure Linux 3.0 1.6 07-Jan-25 Added pam to Azure Linux 3.0 1.7 08-Jan-25 Added pam to Azure Linux 3.0 1.8 09-Jan-25 Added pam to Azure Linux 3.0 1.9 10-Jan-25 Added pam to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-10963 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | pam (CBL-Mariner) | Unknown | Unknown | None | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
1.5.3-4 | Unknown | None |
Azure Linux 3.0 x64 | pam (CBL-Mariner) | Unknown | Unknown | None | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
1.5.3-4 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-10963 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-7383
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:7.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.1 15-Oct-24 Added libnbd to CBL-Mariner 2.0 1.2 16-Oct-24 Added libnbd to CBL-Mariner 2.0 1.3 17-Oct-24 Added libnbd to CBL-Mariner 2.0 1.4 18-Oct-24 Added libnbd to CBL-Mariner 2.0 1.5 19-Oct-24 Added libnbd to CBL-Mariner 2.0 1.6 20-Oct-24 Added libnbd to CBL-Mariner 2.0 1.7 21-Oct-24 Added libnbd to CBL-Mariner 2.0 1.8 22-Oct-24 Added libnbd to CBL-Mariner 2.0 1.9 23-Oct-24 Added libnbd to CBL-Mariner 2.0 2.0 24-Oct-24 Added libnbd to CBL-Mariner 2.0 2.1 25-Oct-24 Added libnbd to CBL-Mariner 2.0 2.2 26-Oct-24 Added libnbd to CBL-Mariner 2.0 2.3 27-Oct-24 Added libnbd to CBL-Mariner 2.0 2.4 28-Oct-24 Added libnbd to CBL-Mariner 2.0 2.5 29-Oct-24 Added libnbd to CBL-Mariner 2.0 2.6 30-Oct-24 Added libnbd to CBL-Mariner 2.0 2.7 31-Oct-24 Added libnbd to CBL-Mariner 2.0 2.8 01-Nov-24 Added libnbd to CBL-Mariner 2.0 2.9 02-Nov-24 Added libnbd to CBL-Mariner 2.0 3.0 04-Nov-24 Added libnbd to CBL-Mariner 2.0 3.1 05-Nov-24 Added libnbd to CBL-Mariner 2.0 3.2 06-Nov-24 Added libnbd to CBL-Mariner 2.0 3.3 07-Nov-24 Added libnbd to CBL-Mariner 2.0 3.4 08-Nov-24 Added libnbd to CBL-Mariner 2.0 3.5 09-Nov-24 Added libnbd to CBL-Mariner 2.0 3.6 10-Nov-24 Added libnbd to CBL-Mariner 2.0 3.7 11-Nov-24 Added libnbd to CBL-Mariner 2.0 3.8 12-Nov-24 Added libnbd to CBL-Mariner 2.0 3.9 13-Nov-24 Added libnbd to CBL-Mariner 2.0 4.0 14-Nov-24 Added libnbd to CBL-Mariner 2.0 4.1 15-Nov-24 Added libnbd to CBL-Mariner 2.0 4.2 16-Nov-24 Added libnbd to CBL-Mariner 2.0 4.3 17-Nov-24 Added libnbd to CBL-Mariner 2.0 4.4 18-Nov-24 Added libnbd to CBL-Mariner 2.0 4.5 19-Nov-24 Added libnbd to CBL-Mariner 2.0 4.6 20-Nov-24 Added libnbd to CBL-Mariner 2.0 4.7 21-Nov-24 Added libnbd to CBL-Mariner 2.0 4.8 23-Nov-24 Added libnbd to CBL-Mariner 2.0 4.9 24-Nov-24 Added libnbd to CBL-Mariner 2.0 5.0 25-Nov-24 Added libnbd to CBL-Mariner 2.0 5.1 26-Nov-24 Added libnbd to CBL-Mariner 2.0 5.2 27-Nov-24 Added libnbd to CBL-Mariner 2.0 5.3 28-Nov-24 Added libnbd to CBL-Mariner 2.0 5.4 29-Nov-24 Added libnbd to CBL-Mariner 2.0 5.5 30-Nov-24 Added libnbd to CBL-Mariner 2.0 5.6 01-Dec-24 Added libnbd to CBL-Mariner 2.0 5.7 02-Dec-24 Added libnbd to CBL-Mariner 2.0 5.8 03-Dec-24 Added libnbd to CBL-Mariner 2.0 5.9 04-Dec-24 Added libnbd to CBL-Mariner 2.0 6.0 05-Dec-24 Added libnbd to CBL-Mariner 2.0 6.1 07-Dec-24 Added libnbd to CBL-Mariner 2.0 6.2 08-Dec-24 Added libnbd to CBL-Mariner 2.0 6.3 09-Dec-24 Added libnbd to CBL-Mariner 2.0 6.4 10-Dec-24 Added libnbd to CBL-Mariner 2.0 6.5 11-Dec-24 Added libnbd to CBL-Mariner 2.0 6.6 12-Dec-24 Added libnbd to CBL-Mariner 2.0 6.7 13-Dec-24 Added libnbd to CBL-Mariner 2.0 6.8 14-Dec-24 Added libnbd to CBL-Mariner 2.0 6.9 15-Dec-24 Added libnbd to CBL-Mariner 2.0 7.0 16-Dec-24 Added libnbd to CBL-Mariner 2.0 7.1 17-Dec-24 Added libnbd to CBL-Mariner 2.0 7.2 18-Dec-24 Added libnbd to CBL-Mariner 2.0 7.3 19-Dec-24 Added libnbd to CBL-Mariner 2.0 7.4 20-Dec-24 Added libnbd to CBL-Mariner 2.0 7.5 21-Dec-24 Added libnbd to CBL-Mariner 2.0 7.6 22-Dec-24 Added libnbd to CBL-Mariner 2.0 7.7 23-Dec-24 Added libnbd to CBL-Mariner 2.0 7.8 24-Dec-24 Added libnbd to CBL-Mariner 2.0 7.9 25-Dec-24 Added libnbd to CBL-Mariner 2.0 8.0 26-Dec-24 Added libnbd to CBL-Mariner 2.0 8.1 27-Dec-24 Added libnbd to CBL-Mariner 2.0 8.2 28-Dec-24 Added libnbd to CBL-Mariner 2.0 8.3 29-Dec-24 Added libnbd to CBL-Mariner 2.0 8.4 30-Dec-24 Added libnbd to CBL-Mariner 2.0 8.5 31-Dec-24 Added libnbd to CBL-Mariner 2.0 8.6 01-Jan-25 Added libnbd to CBL-Mariner 2.0 8.7 02-Jan-25 Added libnbd to CBL-Mariner 2.0 8.8 03-Jan-25 Added libnbd to CBL-Mariner 2.0 8.9 04-Jan-25 Added libnbd to CBL-Mariner 2.0 9.0 05-Jan-25 Added libnbd to CBL-Mariner 2.0 9.1 06-Jan-25 Added libnbd to CBL-Mariner 2.0 9.2 07-Jan-25 Added libnbd to CBL-Mariner 2.0 9.3 08-Jan-25 Added libnbd to CBL-Mariner 2.0 9.4 09-Jan-25 Added libnbd to CBL-Mariner 2.0 9.5 10-Jan-25 Added libnbd to CBL-Mariner 2.0 9.6 11-Jan-25 Added libnbd to CBL-Mariner 2.0 9.7 12-Jan-25 Added libnbd to CBL-Mariner 2.0 9.8 13-Jan-25 Added libnbd to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-7383 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | libnbd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
1.12.1-4 | Unknown | None |
CBL Mariner 2.0 x64 | libnbd (CBL-Mariner) | Unknown | Unknown | None | Base: 7.4 Temporal: 7.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
1.12.1-4 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-7383 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2022-40898
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 13-Sep-24 Information published. 1.1 14-Sep-24 Information published. 1.2 15-Sep-24 Information published. 1.3 16-Sep-24 Information published. 1.4 17-Sep-24 Information published. 1.5 18-Sep-24 Information published. 1.6 19-Sep-24 Information published. 1.7 20-Sep-24 Information published. 1.8 21-Sep-24 Information published. 1.9 22-Sep-24 Information published. 2.0 23-Sep-24 Information published. 2.1 24-Sep-24 Information published. 2.2 25-Sep-24 Information published. 2.3 26-Sep-24 Information published. 2.4 27-Sep-24 Information published. 2.5 28-Sep-24 Information published. 2.6 29-Sep-24 Information published. 2.7 30-Sep-24 Information published. 2.8 01-Oct-24 Information published. 2.9 02-Oct-24 Information published. 3.0 03-Oct-24 Information published. 3.1 04-Oct-24 Information published. 3.2 05-Oct-24 Information published. 3.3 06-Oct-24 Information published. 3.4 07-Oct-24 Information published. 3.5 09-Oct-24 Information published. 3.6 10-Oct-24 Information published. 3.7 11-Oct-24 Information published. 3.8 12-Oct-24 Information published. 3.9 13-Oct-24 Information published. 4.0 14-Oct-24 Information published. 4.1 15-Oct-24 Added python-wheel to CBL-Mariner 2.0 4.2 16-Oct-24 Added python-wheel to CBL-Mariner 2.0 4.3 17-Oct-24 Added python-wheel to CBL-Mariner 2.0 4.4 18-Oct-24 Added python-wheel to CBL-Mariner 2.0 4.5 19-Oct-24 Added python-wheel to CBL-Mariner 2.0 4.6 20-Oct-24 Added python-wheel to CBL-Mariner 2.0 4.7 21-Oct-24 Added python-wheel to CBL-Mariner 2.0 4.8 22-Oct-24 Added python-wheel to CBL-Mariner 2.0 4.9 23-Oct-24 Added python-wheel to CBL-Mariner 2.0 5.0 24-Oct-24 Added python-wheel to CBL-Mariner 2.0 5.1 25-Oct-24 Added python-wheel to CBL-Mariner 2.0 5.2 26-Oct-24 Added python-wheel to CBL-Mariner 2.0 5.3 27-Oct-24 Added python-wheel to CBL-Mariner 2.0 5.4 28-Oct-24 Added python-wheel to CBL-Mariner 2.0 5.5 29-Oct-24 Added python-wheel to CBL-Mariner 2.0 5.6 30-Oct-24 Added python-wheel to CBL-Mariner 2.0 5.7 31-Oct-24 Added python-wheel to CBL-Mariner 2.0 5.8 01-Nov-24 Added python-wheel to CBL-Mariner 2.0 5.9 02-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.0 04-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.1 05-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.2 06-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.3 07-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.4 08-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.5 09-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.6 10-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.7 11-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.8 12-Nov-24 Added python-wheel to CBL-Mariner 2.0 6.9 13-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.0 14-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.1 15-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.2 16-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.3 17-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.4 18-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.5 19-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.6 20-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.7 21-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.8 23-Nov-24 Added python-wheel to CBL-Mariner 2.0 7.9 24-Nov-24 Added python-wheel to CBL-Mariner 2.0 8.0 25-Nov-24 Added python-wheel to CBL-Mariner 2.0 8.1 26-Nov-24 Added python-wheel to CBL-Mariner 2.0 8.2 27-Nov-24 Added python-wheel to CBL-Mariner 2.0 8.3 28-Nov-24 Added python-wheel to CBL-Mariner 2.0 8.4 29-Nov-24 Added python-wheel to CBL-Mariner 2.0 8.5 30-Nov-24 Added python-wheel to CBL-Mariner 2.0 8.6 01-Dec-24 Added python-wheel to CBL-Mariner 2.0 8.7 02-Dec-24 Added python-wheel to CBL-Mariner 2.0 8.8 03-Dec-24 Added python-wheel to CBL-Mariner 2.0 8.9 04-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.0 05-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.1 07-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.2 08-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.3 09-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.4 10-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.5 11-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.6 12-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.7 13-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.8 14-Dec-24 Added python-wheel to CBL-Mariner 2.0 9.9 15-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.0 16-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.1 17-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.2 18-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.3 19-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.4 20-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.5 21-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.6 22-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.7 23-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.8 24-Dec-24 Added python-wheel to CBL-Mariner 2.0 10.9 25-Dec-24 Added python-wheel to CBL-Mariner 2.0 11.0 26-Dec-24 Added python-wheel to CBL-Mariner 2.0 11.1 27-Dec-24 Added python-wheel to CBL-Mariner 2.0 11.2 28-Dec-24 Added python-wheel to CBL-Mariner 2.0 11.3 29-Dec-24 Added python-wheel to CBL-Mariner 2.0 11.4 30-Dec-24 Added python-wheel to CBL-Mariner 2.0 11.5 31-Dec-24 Added python-wheel to CBL-Mariner 2.0 11.6 01-Jan-25 Added python-wheel to CBL-Mariner 2.0 11.7 02-Jan-25 Added python-wheel to CBL-Mariner 2.0 11.8 03-Jan-25 Added python-wheel to CBL-Mariner 2.0 11.9 04-Jan-25 Added python-wheel to CBL-Mariner 2.0 12.0 05-Jan-25 Added python-wheel to CBL-Mariner 2.0 12.1 06-Jan-25 Added python-wheel to CBL-Mariner 2.0 12.2 07-Jan-25 Added python-wheel to CBL-Mariner 2.0 12.3 08-Jan-25 Added python-wheel to CBL-Mariner 2.0 12.4 09-Jan-25 Added python-wheel to CBL-Mariner 2.0 12.5 10-Jan-25 Added python-wheel to CBL-Mariner 2.0 12.6 11-Jan-25 Added python-wheel to CBL-Mariner 2.0 12.7 12-Jan-25 Added python-wheel to CBL-Mariner 2.0 12.8 13-Jan-25 Added python-wheel to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-40898 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | python-wheel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
0.33.6-8 | Unknown | None |
CBL Mariner 2.0 x64 | python-wheel (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
0.33.6-8 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2022-40898 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2023-40546
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.1 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.2 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.3 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.4 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.5 11-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.6 12-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.7 13-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.8 14-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 1.9 15-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.0 16-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.1 17-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.2 18-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.3 19-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.4 20-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.5 21-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.6 22-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.7 23-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.8 24-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 2.9 25-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.0 26-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.1 27-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.2 28-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.3 29-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.4 30-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.5 31-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.6 01-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.7 02-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.8 03-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 3.9 04-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.0 05-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.1 06-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.2 07-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.3 08-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.4 09-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.5 10-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.6 11-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.7 12-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 4.8 13-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-40546 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-3 | None | ||
Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-3 | None | ||
CBL Mariner 2.0 ARM | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-1 | None | ||
CBL Mariner 2.0 x64 | shim (CBL-Mariner) shim-unsigned-x64 (CBL-Mariner) |
Unknown | Unknown | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
15.8-1 | None |
CVE ID | Acknowledgements |
CVE-2023-40546 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2022-28737
MITRE NVD Issuing CNA: security@ubuntu.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.1 07-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 1.2 08-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 1.3 09-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 1.4 10-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 1.5 11-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 1.6 12-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 1.7 13-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 1.8 14-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 1.9 15-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.0 16-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.1 17-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.2 18-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.3 19-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.4 20-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.5 21-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.6 22-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.7 23-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.8 24-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 2.9 25-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.0 26-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.1 27-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.2 28-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.3 29-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.4 30-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.5 31-Dec-24 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.6 01-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.7 02-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.8 03-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 3.9 04-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.0 05-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.1 06-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.2 07-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.3 08-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.4 09-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.5 10-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.6 11-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.7 12-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 4.8 13-Jan-25 Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-28737 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
15.8-3 | None | ||
Azure Linux 3.0 x64 | shim (CBL-Mariner) shim-unsigned-aarch64 (CBL-Mariner) |
Unknown | Unknown | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
15.8-3 | None | ||
CBL Mariner 2.0 ARM | shim (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
15.8-1 | Unknown | None |
CBL Mariner 2.0 x64 | shim (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
15.8-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2022-28737 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2020-27840
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 15-Oct-24 Information published. 1.1 16-Oct-24 Added samba to Azure Linux 3.0 1.2 17-Oct-24 Added samba to Azure Linux 3.0 1.3 18-Oct-24 Added samba to Azure Linux 3.0 1.4 19-Oct-24 Added samba to Azure Linux 3.0 1.5 20-Oct-24 Added samba to Azure Linux 3.0 1.6 21-Oct-24 Added samba to Azure Linux 3.0 1.7 22-Oct-24 Added samba to Azure Linux 3.0 1.8 23-Oct-24 Added samba to Azure Linux 3.0 1.9 24-Oct-24 Added samba to Azure Linux 3.0 2.0 25-Oct-24 Added samba to Azure Linux 3.0 2.1 26-Oct-24 Added samba to Azure Linux 3.0 2.2 27-Oct-24 Added samba to Azure Linux 3.0 2.3 28-Oct-24 Added samba to Azure Linux 3.0 2.4 29-Oct-24 Added samba to Azure Linux 3.0 2.5 30-Oct-24 Added samba to Azure Linux 3.0 2.6 31-Oct-24 Added samba to Azure Linux 3.0 2.7 01-Nov-24 Added samba to Azure Linux 3.0 2.8 02-Nov-24 Added samba to Azure Linux 3.0 2.9 04-Nov-24 Added samba to Azure Linux 3.0 3.0 05-Nov-24 Added samba to Azure Linux 3.0 3.1 06-Nov-24 Added samba to Azure Linux 3.0 3.2 07-Nov-24 Added samba to Azure Linux 3.0 3.3 08-Nov-24 Added samba to Azure Linux 3.0 3.4 09-Nov-24 Added samba to Azure Linux 3.0 3.5 10-Nov-24 Added samba to Azure Linux 3.0 3.6 11-Nov-24 Added samba to Azure Linux 3.0 3.7 12-Nov-24 Added samba to Azure Linux 3.0 3.8 13-Nov-24 Added samba to Azure Linux 3.0 3.9 14-Nov-24 Added samba to Azure Linux 3.0 4.0 15-Nov-24 Added samba to Azure Linux 3.0 4.1 16-Nov-24 Added samba to Azure Linux 3.0 4.2 17-Nov-24 Added samba to Azure Linux 3.0 4.3 18-Nov-24 Added samba to Azure Linux 3.0 4.4 19-Nov-24 Added samba to Azure Linux 3.0 4.5 20-Nov-24 Added samba to Azure Linux 3.0 4.6 21-Nov-24 Added samba to Azure Linux 3.0 4.7 23-Nov-24 Added samba to Azure Linux 3.0 4.8 24-Nov-24 Added samba to Azure Linux 3.0 4.9 25-Nov-24 Added samba to Azure Linux 3.0 5.0 26-Nov-24 Added samba to Azure Linux 3.0 5.1 27-Nov-24 Added samba to Azure Linux 3.0 5.2 28-Nov-24 Added samba to Azure Linux 3.0 5.3 29-Nov-24 Added samba to Azure Linux 3.0 5.4 30-Nov-24 Added samba to Azure Linux 3.0 5.5 01-Dec-24 Added samba to Azure Linux 3.0 5.6 02-Dec-24 Added samba to Azure Linux 3.0 5.7 03-Dec-24 Added samba to Azure Linux 3.0 5.8 04-Dec-24 Added samba to Azure Linux 3.0 5.9 05-Dec-24 Added samba to Azure Linux 3.0 6.0 07-Dec-24 Added samba to Azure Linux 3.0 6.1 08-Dec-24 Added samba to Azure Linux 3.0 6.2 09-Dec-24 Added samba to Azure Linux 3.0 6.3 10-Dec-24 Added samba to Azure Linux 3.0 6.4 11-Dec-24 Added samba to Azure Linux 3.0 6.5 12-Dec-24 Added samba to Azure Linux 3.0 6.6 13-Dec-24 Added samba to Azure Linux 3.0 6.7 14-Dec-24 Added samba to Azure Linux 3.0 6.8 15-Dec-24 Added samba to Azure Linux 3.0 6.9 16-Dec-24 Added samba to Azure Linux 3.0 7.0 17-Dec-24 Added samba to Azure Linux 3.0 7.1 18-Dec-24 Added samba to Azure Linux 3.0 7.2 19-Dec-24 Added samba to Azure Linux 3.0 7.3 20-Dec-24 Added samba to Azure Linux 3.0 7.4 21-Dec-24 Added samba to Azure Linux 3.0 7.5 22-Dec-24 Added samba to Azure Linux 3.0 7.6 23-Dec-24 Added samba to Azure Linux 3.0 7.7 24-Dec-24 Added samba to Azure Linux 3.0 7.8 25-Dec-24 Added samba to Azure Linux 3.0 7.9 26-Dec-24 Added samba to Azure Linux 3.0 8.0 27-Dec-24 Added samba to Azure Linux 3.0 8.1 28-Dec-24 Added samba to Azure Linux 3.0 8.2 29-Dec-24 Added samba to Azure Linux 3.0 8.3 30-Dec-24 Added samba to Azure Linux 3.0 8.4 31-Dec-24 Added samba to Azure Linux 3.0 8.5 01-Jan-25 Added samba to Azure Linux 3.0 8.6 02-Jan-25 Added samba to Azure Linux 3.0 8.7 03-Jan-25 Added samba to Azure Linux 3.0 8.8 04-Jan-25 Added samba to Azure Linux 3.0 8.9 05-Jan-25 Added samba to Azure Linux 3.0 9.0 06-Jan-25 Added samba to Azure Linux 3.0 9.1 07-Jan-25 Added samba to Azure Linux 3.0 9.2 08-Jan-25 Added samba to Azure Linux 3.0 9.3 09-Jan-25 Added samba to Azure Linux 3.0 9.4 10-Jan-25 Added samba to Azure Linux 3.0 9.5 11-Jan-25 Added samba to Azure Linux 3.0 9.6 12-Jan-25 Added samba to Azure Linux 3.0 9.7 13-Jan-25 Added samba to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2020-27840 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.18.3-1 | Unknown | None |
Azure Linux 3.0 x64 | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.18.3-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2020-27840 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2023-1393
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 03-Apr-23 Information published. 1.1 30-Jun-24 Information published. 1.2 11-Sep-24 Information published. 1.3 12-Sep-24 Information published. 1.4 13-Sep-24 Information published. 1.5 14-Sep-24 Information published. 1.6 15-Sep-24 Information published. 1.7 16-Sep-24 Information published. 1.8 17-Sep-24 Information published. 1.9 18-Sep-24 Information published. 2.0 19-Sep-24 Information published. 2.1 20-Sep-24 Information published. 2.2 21-Sep-24 Information published. 2.3 22-Sep-24 Information published. 2.4 23-Sep-24 Information published. 2.5 24-Sep-24 Information published. 2.6 25-Sep-24 Information published. 2.7 26-Sep-24 Information published. 2.8 27-Sep-24 Information published. 2.9 28-Sep-24 Information published. 3.0 29-Sep-24 Information published. 3.1 30-Sep-24 Information published. 3.2 01-Oct-24 Information published. 3.3 02-Oct-24 Information published. 3.4 03-Oct-24 Information published. 3.5 04-Oct-24 Information published. 3.6 05-Oct-24 Information published. 3.7 06-Oct-24 Information published. 3.8 07-Oct-24 Information published. 3.9 09-Oct-24 Information published. 4.0 10-Oct-24 Information published. 4.1 11-Oct-24 Information published. 4.2 12-Oct-24 Information published. 4.3 13-Oct-24 Information published. 4.4 14-Oct-24 Information published. 4.5 15-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 4.6 16-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 4.7 17-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 4.8 18-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 4.9 19-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.0 20-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.1 21-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.2 22-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.3 23-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.4 24-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.5 25-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.6 26-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.7 27-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.8 28-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 5.9 29-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.0 30-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.1 31-Oct-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.2 01-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.3 02-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.4 04-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.5 05-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.6 06-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.7 07-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.8 08-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 6.9 09-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.0 10-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.1 11-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.2 12-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.3 13-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.4 14-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.5 15-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.6 16-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.7 17-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.8 18-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 7.9 19-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.0 20-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.1 21-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.2 23-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.3 24-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.4 25-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.5 26-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.6 27-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.7 28-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.8 29-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 8.9 30-Nov-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.0 01-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.1 02-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.2 03-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.3 04-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.4 05-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.5 07-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.6 08-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.7 09-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.8 10-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 9.9 11-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.0 12-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.1 13-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.2 14-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.3 15-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.4 16-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.5 17-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.6 18-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.7 19-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.8 20-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 10.9 21-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.0 22-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.1 23-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.2 24-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.3 25-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.4 26-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.5 27-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.6 28-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.7 29-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.8 30-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 11.9 31-Dec-24 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.0 01-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.1 02-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.2 03-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.3 04-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.4 05-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.5 06-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.6 07-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.7 08-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.8 09-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 12.9 10-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 13.0 11-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 13.1 12-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 13.2 13-Jan-25 Added xorg-x11-server to Azure Linux 3.0 Added xorg-x11-server to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-1393 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-4 | Unknown | None |
Azure Linux 3.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-4 | Unknown | None |
CBL Mariner 2.0 ARM | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-4 | Unknown | None |
CBL Mariner 2.0 x64 | xorg-x11-server (CBL-Mariner) | Unknown | Unknown | None | Base: 7.8 Temporal: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.20.10-4 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2023-1393 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-37535
MITRE NVD Issuing CNA: cve@mitre.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.4/TemporalScore:4.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 30-Jun-24 Information published. 1.1 12-Jul-24 Information published. 1.2 20-Sep-24 Information published. 1.3 21-Sep-24 Information published. 1.4 22-Sep-24 Information published. 1.5 23-Sep-24 Information published. 1.6 24-Sep-24 Information published. 1.7 25-Sep-24 Information published. 1.8 26-Sep-24 Information published. 1.9 27-Sep-24 Information published. 2.0 28-Sep-24 Information published. 2.1 29-Sep-24 Information published. 2.2 30-Sep-24 Information published. 2.3 01-Oct-24 Information published. 2.4 02-Oct-24 Information published. 2.5 03-Oct-24 Information published. 2.6 04-Oct-24 Information published. 2.7 05-Oct-24 Information published. 2.8 06-Oct-24 Information published. 2.9 07-Oct-24 Information published. 3.0 08-Oct-24 Information published. 3.1 09-Oct-24 Information published. 3.2 10-Oct-24 Information published. 3.3 11-Oct-24 Information published. 3.4 12-Oct-24 Information published. 3.5 13-Oct-24 Information published. 3.6 14-Oct-24 Information published. 3.7 15-Oct-24 Added vte291 to CBL-Mariner 2.0 3.8 16-Oct-24 Added vte291 to CBL-Mariner 2.0 3.9 17-Oct-24 Added vte291 to CBL-Mariner 2.0 4.0 18-Oct-24 Added vte291 to CBL-Mariner 2.0 4.1 19-Oct-24 Added vte291 to CBL-Mariner 2.0 4.2 20-Oct-24 Added vte291 to CBL-Mariner 2.0 4.3 21-Oct-24 Added vte291 to CBL-Mariner 2.0 4.4 22-Oct-24 Added vte291 to CBL-Mariner 2.0 4.5 23-Oct-24 Added vte291 to CBL-Mariner 2.0 4.6 24-Oct-24 Added vte291 to CBL-Mariner 2.0 4.7 25-Oct-24 Added vte291 to CBL-Mariner 2.0 4.8 26-Oct-24 Added vte291 to CBL-Mariner 2.0 4.9 27-Oct-24 Added vte291 to CBL-Mariner 2.0 5.0 28-Oct-24 Added vte291 to CBL-Mariner 2.0 5.1 29-Oct-24 Added vte291 to CBL-Mariner 2.0 5.2 30-Oct-24 Added vte291 to CBL-Mariner 2.0 5.3 31-Oct-24 Added vte291 to CBL-Mariner 2.0 5.4 01-Nov-24 Added vte291 to CBL-Mariner 2.0 5.5 02-Nov-24 Added vte291 to CBL-Mariner 2.0 5.6 04-Nov-24 Added vte291 to CBL-Mariner 2.0 5.7 05-Nov-24 Added vte291 to CBL-Mariner 2.0 5.8 06-Nov-24 Added vte291 to CBL-Mariner 2.0 5.9 07-Nov-24 Added vte291 to CBL-Mariner 2.0 6.0 08-Nov-24 Added vte291 to CBL-Mariner 2.0 6.1 09-Nov-24 Added vte291 to CBL-Mariner 2.0 6.2 10-Nov-24 Added vte291 to CBL-Mariner 2.0 6.3 11-Nov-24 Added vte291 to CBL-Mariner 2.0 6.4 12-Nov-24 Added vte291 to CBL-Mariner 2.0 6.5 13-Nov-24 Added vte291 to CBL-Mariner 2.0 6.6 14-Nov-24 Added vte291 to CBL-Mariner 2.0 6.7 15-Nov-24 Added vte291 to CBL-Mariner 2.0 6.8 16-Nov-24 Added vte291 to CBL-Mariner 2.0 6.9 17-Nov-24 Added vte291 to CBL-Mariner 2.0 7.0 18-Nov-24 Added vte291 to CBL-Mariner 2.0 7.1 19-Nov-24 Added vte291 to CBL-Mariner 2.0 7.2 20-Nov-24 Added vte291 to CBL-Mariner 2.0 7.3 21-Nov-24 Added vte291 to CBL-Mariner 2.0 7.4 23-Nov-24 Added vte291 to CBL-Mariner 2.0 7.5 24-Nov-24 Added vte291 to CBL-Mariner 2.0 7.6 25-Nov-24 Added vte291 to CBL-Mariner 2.0 7.7 26-Nov-24 Added vte291 to CBL-Mariner 2.0 7.8 27-Nov-24 Added vte291 to CBL-Mariner 2.0 7.9 28-Nov-24 Added vte291 to CBL-Mariner 2.0 8.0 29-Nov-24 Added vte291 to CBL-Mariner 2.0 8.1 30-Nov-24 Added vte291 to CBL-Mariner 2.0 8.2 01-Dec-24 Added vte291 to CBL-Mariner 2.0 8.3 02-Dec-24 Added vte291 to CBL-Mariner 2.0 8.4 03-Dec-24 Added vte291 to CBL-Mariner 2.0 8.5 04-Dec-24 Added vte291 to CBL-Mariner 2.0 8.6 05-Dec-24 Added vte291 to CBL-Mariner 2.0 8.7 07-Dec-24 Added vte291 to CBL-Mariner 2.0 8.8 08-Dec-24 Added vte291 to CBL-Mariner 2.0 8.9 09-Dec-24 Added vte291 to CBL-Mariner 2.0 9.0 10-Dec-24 Added vte291 to CBL-Mariner 2.0 9.1 11-Dec-24 Added vte291 to CBL-Mariner 2.0 9.2 12-Dec-24 Added vte291 to CBL-Mariner 2.0 9.3 13-Dec-24 Added vte291 to CBL-Mariner 2.0 9.4 14-Dec-24 Added vte291 to CBL-Mariner 2.0 9.5 15-Dec-24 Added vte291 to CBL-Mariner 2.0 9.6 16-Dec-24 Added vte291 to CBL-Mariner 2.0 9.7 17-Dec-24 Added vte291 to CBL-Mariner 2.0 9.8 18-Dec-24 Added vte291 to CBL-Mariner 2.0 9.9 19-Dec-24 Added vte291 to CBL-Mariner 2.0 10.0 20-Dec-24 Added vte291 to CBL-Mariner 2.0 10.1 21-Dec-24 Added vte291 to CBL-Mariner 2.0 10.2 22-Dec-24 Added vte291 to CBL-Mariner 2.0 10.3 23-Dec-24 Added vte291 to CBL-Mariner 2.0 10.4 24-Dec-24 Added vte291 to CBL-Mariner 2.0 10.5 25-Dec-24 Added vte291 to CBL-Mariner 2.0 10.6 26-Dec-24 Added vte291 to CBL-Mariner 2.0 10.7 27-Dec-24 Added vte291 to CBL-Mariner 2.0 10.8 28-Dec-24 Added vte291 to CBL-Mariner 2.0 10.9 29-Dec-24 Added vte291 to CBL-Mariner 2.0 11.0 30-Dec-24 Added vte291 to CBL-Mariner 2.0 11.1 31-Dec-24 Added vte291 to CBL-Mariner 2.0 11.2 01-Jan-25 Added vte291 to CBL-Mariner 2.0 11.3 02-Jan-25 Added vte291 to CBL-Mariner 2.0 11.4 03-Jan-25 Added vte291 to CBL-Mariner 2.0 11.5 04-Jan-25 Added vte291 to CBL-Mariner 2.0 11.6 05-Jan-25 Added vte291 to CBL-Mariner 2.0 11.7 06-Jan-25 Added vte291 to CBL-Mariner 2.0 11.8 07-Jan-25 Added vte291 to CBL-Mariner 2.0 11.9 08-Jan-25 Added vte291 to CBL-Mariner 2.0 12.0 09-Jan-25 Added vte291 to CBL-Mariner 2.0 12.1 10-Jan-25 Added vte291 to CBL-Mariner 2.0 12.2 11-Jan-25 Added vte291 to CBL-Mariner 2.0 12.3 12-Jan-25 Added vte291 to CBL-Mariner 2.0 12.4 13-Jan-25 Added vte291 to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-37535 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | vte291 (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
0.66.2-3 | Unknown | None |
CBL Mariner 2.0 x64 | vte291 (CBL-Mariner) | Unknown | Unknown | None | Base: 4.4 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
0.66.2-3 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-37535 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2022-32746
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.4/TemporalScore:5.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 15-Oct-24 Information published. 1.1 16-Oct-24 Added samba to Azure Linux 3.0 1.2 17-Oct-24 Added samba to Azure Linux 3.0 1.3 18-Oct-24 Added samba to Azure Linux 3.0 1.4 19-Oct-24 Added samba to Azure Linux 3.0 1.5 20-Oct-24 Added samba to Azure Linux 3.0 1.6 21-Oct-24 Added samba to Azure Linux 3.0 1.7 22-Oct-24 Added samba to Azure Linux 3.0 1.8 23-Oct-24 Added samba to Azure Linux 3.0 1.9 24-Oct-24 Added samba to Azure Linux 3.0 2.0 25-Oct-24 Added samba to Azure Linux 3.0 2.1 26-Oct-24 Added samba to Azure Linux 3.0 2.2 27-Oct-24 Added samba to Azure Linux 3.0 2.3 28-Oct-24 Added samba to Azure Linux 3.0 2.4 29-Oct-24 Added samba to Azure Linux 3.0 2.5 30-Oct-24 Added samba to Azure Linux 3.0 2.6 31-Oct-24 Added samba to Azure Linux 3.0 2.7 01-Nov-24 Added samba to Azure Linux 3.0 2.8 02-Nov-24 Added samba to Azure Linux 3.0 2.9 04-Nov-24 Added samba to Azure Linux 3.0 3.0 05-Nov-24 Added samba to Azure Linux 3.0 3.1 06-Nov-24 Added samba to Azure Linux 3.0 3.2 07-Nov-24 Added samba to Azure Linux 3.0 3.3 08-Nov-24 Added samba to Azure Linux 3.0 3.4 09-Nov-24 Added samba to Azure Linux 3.0 3.5 10-Nov-24 Added samba to Azure Linux 3.0 3.6 11-Nov-24 Added samba to Azure Linux 3.0 3.7 12-Nov-24 Added samba to Azure Linux 3.0 3.8 13-Nov-24 Added samba to Azure Linux 3.0 3.9 14-Nov-24 Added samba to Azure Linux 3.0 4.0 15-Nov-24 Added samba to Azure Linux 3.0 4.1 16-Nov-24 Added samba to Azure Linux 3.0 4.2 17-Nov-24 Added samba to Azure Linux 3.0 4.3 18-Nov-24 Added samba to Azure Linux 3.0 4.4 19-Nov-24 Added samba to Azure Linux 3.0 4.5 20-Nov-24 Added samba to Azure Linux 3.0 4.6 21-Nov-24 Added samba to Azure Linux 3.0 4.7 23-Nov-24 Added samba to Azure Linux 3.0 4.8 24-Nov-24 Added samba to Azure Linux 3.0 4.9 25-Nov-24 Added samba to Azure Linux 3.0 5.0 26-Nov-24 Added samba to Azure Linux 3.0 5.1 27-Nov-24 Added samba to Azure Linux 3.0 5.2 28-Nov-24 Added samba to Azure Linux 3.0 5.3 29-Nov-24 Added samba to Azure Linux 3.0 5.4 30-Nov-24 Added samba to Azure Linux 3.0 5.5 01-Dec-24 Added samba to Azure Linux 3.0 5.6 02-Dec-24 Added samba to Azure Linux 3.0 5.7 03-Dec-24 Added samba to Azure Linux 3.0 5.8 04-Dec-24 Added samba to Azure Linux 3.0 5.9 05-Dec-24 Added samba to Azure Linux 3.0 6.0 07-Dec-24 Added samba to Azure Linux 3.0 6.1 08-Dec-24 Added samba to Azure Linux 3.0 6.2 09-Dec-24 Added samba to Azure Linux 3.0 6.3 10-Dec-24 Added samba to Azure Linux 3.0 6.4 11-Dec-24 Added samba to Azure Linux 3.0 6.5 12-Dec-24 Added samba to Azure Linux 3.0 6.6 13-Dec-24 Added samba to Azure Linux 3.0 6.7 14-Dec-24 Added samba to Azure Linux 3.0 6.8 15-Dec-24 Added samba to Azure Linux 3.0 6.9 16-Dec-24 Added samba to Azure Linux 3.0 7.0 17-Dec-24 Added samba to Azure Linux 3.0 7.1 18-Dec-24 Added samba to Azure Linux 3.0 7.2 19-Dec-24 Added samba to Azure Linux 3.0 7.3 20-Dec-24 Added samba to Azure Linux 3.0 7.4 21-Dec-24 Added samba to Azure Linux 3.0 7.5 22-Dec-24 Added samba to Azure Linux 3.0 7.6 23-Dec-24 Added samba to Azure Linux 3.0 7.7 24-Dec-24 Added samba to Azure Linux 3.0 7.8 25-Dec-24 Added samba to Azure Linux 3.0 7.9 26-Dec-24 Added samba to Azure Linux 3.0 8.0 27-Dec-24 Added samba to Azure Linux 3.0 8.1 28-Dec-24 Added samba to Azure Linux 3.0 8.2 29-Dec-24 Added samba to Azure Linux 3.0 8.3 30-Dec-24 Added samba to Azure Linux 3.0 8.4 31-Dec-24 Added samba to Azure Linux 3.0 8.5 01-Jan-25 Added samba to Azure Linux 3.0 8.6 02-Jan-25 Added samba to Azure Linux 3.0 8.7 03-Jan-25 Added samba to Azure Linux 3.0 8.8 04-Jan-25 Added samba to Azure Linux 3.0 8.9 05-Jan-25 Added samba to Azure Linux 3.0 9.0 06-Jan-25 Added samba to Azure Linux 3.0 9.1 07-Jan-25 Added samba to Azure Linux 3.0 9.2 08-Jan-25 Added samba to Azure Linux 3.0 9.3 09-Jan-25 Added samba to Azure Linux 3.0 9.4 10-Jan-25 Added samba to Azure Linux 3.0 9.5 11-Jan-25 Added samba to Azure Linux 3.0 9.6 12-Jan-25 Added samba to Azure Linux 3.0 9.7 13-Jan-25 Added samba to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-32746 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
4.18.3-1 | Unknown | None |
Azure Linux 3.0 x64 | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 5.4 Temporal: 5.4 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
4.18.3-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2022-32746 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2021-20277
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 15-Oct-24 Information published. 1.1 16-Oct-24 Added samba to Azure Linux 3.0 1.2 17-Oct-24 Added samba to Azure Linux 3.0 1.3 18-Oct-24 Added samba to Azure Linux 3.0 1.4 19-Oct-24 Added samba to Azure Linux 3.0 1.5 20-Oct-24 Added samba to Azure Linux 3.0 1.6 21-Oct-24 Added samba to Azure Linux 3.0 1.7 22-Oct-24 Added samba to Azure Linux 3.0 1.8 23-Oct-24 Added samba to Azure Linux 3.0 1.9 24-Oct-24 Added samba to Azure Linux 3.0 2.0 25-Oct-24 Added samba to Azure Linux 3.0 2.1 26-Oct-24 Added samba to Azure Linux 3.0 2.2 27-Oct-24 Added samba to Azure Linux 3.0 2.3 28-Oct-24 Added samba to Azure Linux 3.0 2.4 29-Oct-24 Added samba to Azure Linux 3.0 2.5 30-Oct-24 Added samba to Azure Linux 3.0 2.6 31-Oct-24 Added samba to Azure Linux 3.0 2.7 01-Nov-24 Added samba to Azure Linux 3.0 2.8 02-Nov-24 Added samba to Azure Linux 3.0 2.9 04-Nov-24 Added samba to Azure Linux 3.0 3.0 05-Nov-24 Added samba to Azure Linux 3.0 3.1 06-Nov-24 Added samba to Azure Linux 3.0 3.2 07-Nov-24 Added samba to Azure Linux 3.0 3.3 08-Nov-24 Added samba to Azure Linux 3.0 3.4 09-Nov-24 Added samba to Azure Linux 3.0 3.5 10-Nov-24 Added samba to Azure Linux 3.0 3.6 11-Nov-24 Added samba to Azure Linux 3.0 3.7 12-Nov-24 Added samba to Azure Linux 3.0 3.8 13-Nov-24 Added samba to Azure Linux 3.0 3.9 14-Nov-24 Added samba to Azure Linux 3.0 4.0 15-Nov-24 Added samba to Azure Linux 3.0 4.1 16-Nov-24 Added samba to Azure Linux 3.0 4.2 17-Nov-24 Added samba to Azure Linux 3.0 4.3 18-Nov-24 Added samba to Azure Linux 3.0 4.4 19-Nov-24 Added samba to Azure Linux 3.0 4.5 20-Nov-24 Added samba to Azure Linux 3.0 4.6 21-Nov-24 Added samba to Azure Linux 3.0 4.7 23-Nov-24 Added samba to Azure Linux 3.0 4.8 24-Nov-24 Added samba to Azure Linux 3.0 4.9 25-Nov-24 Added samba to Azure Linux 3.0 5.0 26-Nov-24 Added samba to Azure Linux 3.0 5.1 27-Nov-24 Added samba to Azure Linux 3.0 5.2 28-Nov-24 Added samba to Azure Linux 3.0 5.3 29-Nov-24 Added samba to Azure Linux 3.0 5.4 30-Nov-24 Added samba to Azure Linux 3.0 5.5 01-Dec-24 Added samba to Azure Linux 3.0 5.6 02-Dec-24 Added samba to Azure Linux 3.0 5.7 03-Dec-24 Added samba to Azure Linux 3.0 5.8 04-Dec-24 Added samba to Azure Linux 3.0 5.9 05-Dec-24 Added samba to Azure Linux 3.0 6.0 07-Dec-24 Added samba to Azure Linux 3.0 6.1 08-Dec-24 Added samba to Azure Linux 3.0 6.2 09-Dec-24 Added samba to Azure Linux 3.0 6.3 10-Dec-24 Added samba to Azure Linux 3.0 6.4 11-Dec-24 Added samba to Azure Linux 3.0 6.5 12-Dec-24 Added samba to Azure Linux 3.0 6.6 13-Dec-24 Added samba to Azure Linux 3.0 6.7 14-Dec-24 Added samba to Azure Linux 3.0 6.8 15-Dec-24 Added samba to Azure Linux 3.0 6.9 16-Dec-24 Added samba to Azure Linux 3.0 7.0 17-Dec-24 Added samba to Azure Linux 3.0 7.1 18-Dec-24 Added samba to Azure Linux 3.0 7.2 19-Dec-24 Added samba to Azure Linux 3.0 7.3 20-Dec-24 Added samba to Azure Linux 3.0 7.4 21-Dec-24 Added samba to Azure Linux 3.0 7.5 22-Dec-24 Added samba to Azure Linux 3.0 7.6 23-Dec-24 Added samba to Azure Linux 3.0 7.7 24-Dec-24 Added samba to Azure Linux 3.0 7.8 25-Dec-24 Added samba to Azure Linux 3.0 7.9 26-Dec-24 Added samba to Azure Linux 3.0 8.0 27-Dec-24 Added samba to Azure Linux 3.0 8.1 28-Dec-24 Added samba to Azure Linux 3.0 8.2 29-Dec-24 Added samba to Azure Linux 3.0 8.3 30-Dec-24 Added samba to Azure Linux 3.0 8.4 31-Dec-24 Added samba to Azure Linux 3.0 8.5 01-Jan-25 Added samba to Azure Linux 3.0 8.6 02-Jan-25 Added samba to Azure Linux 3.0 8.7 03-Jan-25 Added samba to Azure Linux 3.0 8.8 04-Jan-25 Added samba to Azure Linux 3.0 8.9 05-Jan-25 Added samba to Azure Linux 3.0 9.0 06-Jan-25 Added samba to Azure Linux 3.0 9.1 07-Jan-25 Added samba to Azure Linux 3.0 9.2 08-Jan-25 Added samba to Azure Linux 3.0 9.3 09-Jan-25 Added samba to Azure Linux 3.0 9.4 10-Jan-25 Added samba to Azure Linux 3.0 9.5 11-Jan-25 Added samba to Azure Linux 3.0 9.6 12-Jan-25 Added samba to Azure Linux 3.0 9.7 13-Jan-25 Added samba to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-20277 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.18.3-1 | Unknown | None |
Azure Linux 3.0 x64 | samba (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
4.18.3-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2021-20277 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2019-3833
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 02-Apr-24 Information published. 1.6 30-Jun-24 Information published. 1.7 08-Jul-24 Information published. 1.8 09-Jul-24 Information published. 1.9 10-Jul-24 Information published. 2.0 12-Jul-24 Information published. 2.1 13-Jul-24 Information published. 2.2 14-Jul-24 Information published. 2.3 15-Jul-24 Information published. 2.4 16-Jul-24 Information published. 2.5 17-Jul-24 Information published. 2.6 19-Jul-24 Information published. 2.7 20-Jul-24 Information published. 2.8 21-Jul-24 Information published. 2.9 22-Jul-24 Information published. 3.0 23-Jul-24 Information published. 3.1 24-Jul-24 Information published. 3.2 25-Jul-24 Information published. 3.3 26-Jul-24 Information published. 3.4 27-Jul-24 Information published. 3.5 28-Jul-24 Information published. 3.6 29-Jul-24 Information published. 3.7 02-Aug-24 Information published. 3.8 03-Aug-24 Information published. 3.9 04-Aug-24 Information published. 4.0 05-Aug-24 Information published. 4.1 06-Aug-24 Information published. 4.2 07-Aug-24 Information published. 4.3 08-Aug-24 Information published. 4.4 09-Aug-24 Information published. 4.5 10-Aug-24 Information published. 4.6 11-Aug-24 Information published. 4.7 12-Aug-24 Information published. 4.8 16-Aug-24 Information published. 4.9 17-Aug-24 Information published. 5.0 18-Aug-24 Information published. 5.1 19-Aug-24 Information published. 5.2 20-Aug-24 Information published. 5.3 21-Aug-24 Information published. 5.4 22-Aug-24 Information published. 5.5 23-Aug-24 Information published. 5.6 24-Aug-24 Information published. 5.7 25-Aug-24 Information published. 5.8 26-Aug-24 Information published. 5.9 27-Aug-24 Information published. 6.0 28-Aug-24 Information published. 6.1 29-Aug-24 Information published. 6.2 30-Aug-24 Information published. 6.3 31-Aug-24 Information published. 6.4 01-Sep-24 Information published. 6.5 02-Sep-24 Information published. 6.6 03-Sep-24 Information published. 6.7 05-Sep-24 Information published. 6.8 06-Sep-24 Information published. 6.9 07-Sep-24 Information published. 7.0 08-Sep-24 Information published. 7.1 11-Sep-24 Information published. 7.2 12-Sep-24 Information published. 7.3 13-Sep-24 Information published. 7.4 14-Sep-24 Information published. 7.5 15-Sep-24 Information published. 7.6 16-Sep-24 Information published. 7.7 17-Sep-24 Information published. 7.8 18-Sep-24 Information published. 7.9 19-Sep-24 Information published. 8.0 20-Sep-24 Information published. 8.1 21-Sep-24 Information published. 8.2 22-Sep-24 Information published. 8.3 23-Sep-24 Information published. 8.4 24-Sep-24 Information published. 8.5 25-Sep-24 Information published. 8.6 26-Sep-24 Information published. 8.7 27-Sep-24 Information published. 8.8 28-Sep-24 Information published. 8.9 29-Sep-24 Information published. 9.0 30-Sep-24 Information published. 9.1 01-Oct-24 Information published. 9.2 02-Oct-24 Information published. 9.3 03-Oct-24 Information published. 9.4 04-Oct-24 Information published. 9.5 05-Oct-24 Information published. 9.6 06-Oct-24 Information published. 9.7 07-Oct-24 Information published. 9.8 09-Oct-24 Information published. 9.9 10-Oct-24 Information published. 10.0 11-Oct-24 Information published. 10.1 12-Oct-24 Information published. 10.2 13-Oct-24 Information published. 10.3 14-Oct-24 Information published. 10.4 15-Oct-24 Added openwsman to CBL-Mariner 2.0 10.5 16-Oct-24 Added openwsman to CBL-Mariner 2.0 10.6 17-Oct-24 Added openwsman to CBL-Mariner 2.0 10.7 18-Oct-24 Added openwsman to CBL-Mariner 2.0 10.8 19-Oct-24 Added openwsman to CBL-Mariner 2.0 10.9 20-Oct-24 Added openwsman to CBL-Mariner 2.0 11.0 21-Oct-24 Added openwsman to CBL-Mariner 2.0 11.1 22-Oct-24 Added openwsman to CBL-Mariner 2.0 11.2 23-Oct-24 Added openwsman to CBL-Mariner 2.0 11.3 24-Oct-24 Added openwsman to CBL-Mariner 2.0 11.4 25-Oct-24 Added openwsman to CBL-Mariner 2.0 11.5 26-Oct-24 Added openwsman to CBL-Mariner 2.0 11.6 27-Oct-24 Added openwsman to CBL-Mariner 2.0 11.7 28-Oct-24 Added openwsman to CBL-Mariner 2.0 11.8 29-Oct-24 Added openwsman to CBL-Mariner 2.0 11.9 30-Oct-24 Added openwsman to CBL-Mariner 2.0 12.0 31-Oct-24 Added openwsman to CBL-Mariner 2.0 12.1 01-Nov-24 Added openwsman to CBL-Mariner 2.0 12.2 02-Nov-24 Added openwsman to CBL-Mariner 2.0 12.3 04-Nov-24 Added openwsman to CBL-Mariner 2.0 12.4 05-Nov-24 Added openwsman to CBL-Mariner 2.0 12.5 06-Nov-24 Added openwsman to CBL-Mariner 2.0 12.6 07-Nov-24 Added openwsman to CBL-Mariner 2.0 12.7 08-Nov-24 Added openwsman to CBL-Mariner 2.0 12.8 09-Nov-24 Added openwsman to CBL-Mariner 2.0 12.9 10-Nov-24 Added openwsman to CBL-Mariner 2.0 13.0 11-Nov-24 Added openwsman to CBL-Mariner 2.0 13.1 12-Nov-24 Added openwsman to CBL-Mariner 2.0 13.2 13-Nov-24 Added openwsman to CBL-Mariner 2.0 13.3 14-Nov-24 Added openwsman to CBL-Mariner 2.0 13.4 15-Nov-24 Added openwsman to CBL-Mariner 2.0 13.5 16-Nov-24 Added openwsman to CBL-Mariner 2.0 13.6 17-Nov-24 Added openwsman to CBL-Mariner 2.0 13.7 18-Nov-24 Added openwsman to CBL-Mariner 2.0 13.8 19-Nov-24 Added openwsman to CBL-Mariner 2.0 13.9 20-Nov-24 Added openwsman to CBL-Mariner 2.0 14.0 21-Nov-24 Added openwsman to CBL-Mariner 2.0 14.1 23-Nov-24 Added openwsman to CBL-Mariner 2.0 14.2 24-Nov-24 Added openwsman to CBL-Mariner 2.0 14.3 25-Nov-24 Added openwsman to CBL-Mariner 2.0 14.4 26-Nov-24 Added openwsman to CBL-Mariner 2.0 14.5 27-Nov-24 Added openwsman to CBL-Mariner 2.0 14.6 28-Nov-24 Added openwsman to CBL-Mariner 2.0 14.7 29-Nov-24 Added openwsman to CBL-Mariner 2.0 14.8 30-Nov-24 Added openwsman to CBL-Mariner 2.0 14.9 01-Dec-24 Added openwsman to CBL-Mariner 2.0 15.0 02-Dec-24 Added openwsman to CBL-Mariner 2.0 15.1 03-Dec-24 Added openwsman to CBL-Mariner 2.0 15.2 04-Dec-24 Added openwsman to CBL-Mariner 2.0 15.3 05-Dec-24 Added openwsman to CBL-Mariner 2.0 15.4 07-Dec-24 Added openwsman to CBL-Mariner 2.0 15.5 08-Dec-24 Added openwsman to CBL-Mariner 2.0 15.6 09-Dec-24 Added openwsman to CBL-Mariner 2.0 15.7 10-Dec-24 Added openwsman to CBL-Mariner 2.0 15.8 11-Dec-24 Added openwsman to CBL-Mariner 2.0 15.9 12-Dec-24 Added openwsman to CBL-Mariner 2.0 16.0 13-Dec-24 Added openwsman to CBL-Mariner 2.0 16.1 14-Dec-24 Added openwsman to CBL-Mariner 2.0 16.2 15-Dec-24 Added openwsman to CBL-Mariner 2.0 16.3 16-Dec-24 Added openwsman to CBL-Mariner 2.0 16.4 17-Dec-24 Added openwsman to CBL-Mariner 2.0 16.5 18-Dec-24 Added openwsman to CBL-Mariner 2.0 16.6 19-Dec-24 Added openwsman to CBL-Mariner 2.0 16.7 20-Dec-24 Added openwsman to CBL-Mariner 2.0 16.8 21-Dec-24 Added openwsman to CBL-Mariner 2.0 16.9 22-Dec-24 Added openwsman to CBL-Mariner 2.0 17.0 23-Dec-24 Added openwsman to CBL-Mariner 2.0 17.1 24-Dec-24 Added openwsman to CBL-Mariner 2.0 17.2 25-Dec-24 Added openwsman to CBL-Mariner 2.0 17.3 26-Dec-24 Added openwsman to CBL-Mariner 2.0 17.4 27-Dec-24 Added openwsman to CBL-Mariner 2.0 17.5 28-Dec-24 Added openwsman to CBL-Mariner 2.0 17.6 29-Dec-24 Added openwsman to CBL-Mariner 2.0 17.7 30-Dec-24 Added openwsman to CBL-Mariner 2.0 17.8 31-Dec-24 Added openwsman to CBL-Mariner 2.0 17.9 01-Jan-25 Added openwsman to CBL-Mariner 2.0 18.0 02-Jan-25 Added openwsman to CBL-Mariner 2.0 18.1 03-Jan-25 Added openwsman to CBL-Mariner 2.0 18.2 04-Jan-25 Added openwsman to CBL-Mariner 2.0 18.3 05-Jan-25 Added openwsman to CBL-Mariner 2.0 18.4 06-Jan-25 Added openwsman to CBL-Mariner 2.0 18.5 07-Jan-25 Added openwsman to CBL-Mariner 2.0 18.6 08-Jan-25 Added openwsman to CBL-Mariner 2.0 18.7 09-Jan-25 Added openwsman to CBL-Mariner 2.0 18.8 10-Jan-25 Added openwsman to CBL-Mariner 2.0 18.9 11-Jan-25 Added openwsman to CBL-Mariner 2.0 19.0 12-Jan-25 Added openwsman to CBL-Mariner 2.0 19.1 13-Jan-25 Added openwsman to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2019-3833 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
Azure Linux 3.0 x64 | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Unknown | Unknown | None | |
CBL Mariner 2.0 ARM | openwsman (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.6.8-13 | Unknown | None |
CBL Mariner 2.0 x64 | openwsman (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.6.8-13 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2019-3833 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-26929
MITRE NVD Issuing CNA: cve@kernel.org |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 24-May-24 Information published. 1.1 29-Aug-24 Information published. 1.2 30-Aug-24 Information published. 1.3 31-Aug-24 Information published. 1.4 01-Sep-24 Information published. 1.5 02-Sep-24 Information published. 1.6 03-Sep-24 Information published. 1.7 05-Sep-24 Information published. 1.8 06-Sep-24 Information published. 1.9 07-Sep-24 Information published. 2.0 08-Sep-24 Information published. 2.1 11-Sep-24 Information published. 2.2 07-Jan-25 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-26929 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.35.1-5 | Unknown | None |
Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.35.1-5 | Unknown | None |
CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.158.1-1 | Unknown | None |
CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.158.1-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-26929 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-11168
MITRE NVD Issuing CNA: cna@python.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:3.7/TemporalScore:3.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 03-Dec-24 Information published. 1.1 07-Jan-25 Added python3 to CBL-Mariner 2.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-11168 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 2.0 ARM | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: 3.7 Temporal: 3.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9.19-7 | Unknown | None |
CBL Mariner 2.0 x64 | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: 3.7 Temporal: 3.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9.19-7 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-11168 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-12254
MITRE NVD Issuing CNA: cna@python.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 0.1 19-Dec-24 Information published. 0.2 07-Jan-25 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-12254 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.12.3-5 | Unknown | None |
Azure Linux 3.0 x64 | python3 (CBL-Mariner) | Unknown | Unknown | None | Base: 7.5 Temporal: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.12.3-5 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-12254 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-49967
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Nov-24 Information published. 1.1 12-Dec-24 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 1.2 08-Jan-25 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-49967 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.57.1-2 | Unknown | None |
Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.57.1-2 | Unknown | None |
CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.173.1-1 | Unknown | None |
CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.173.1-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-49967 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2023-52663
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.1 08-Jan-25 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2023-52663 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2023-52663 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-45337
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 0.1 20-Dec-24 Information published. 0.2 21-Dec-24 Information published. 0.3 24-Dec-24 Information published. 0.4 25-Dec-24 Information published. 0.5 26-Dec-24 Information published. 0.6 27-Dec-24 Information published. 0.7 09-Jan-25 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-45337 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | cf-cli (CBL-Mariner) docker-buildx (CBL-Mariner) kubevirt (CBL-Mariner) moby-engine (CBL-Mariner) |
Unknown | Unknown | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
8.7.3-4 0.14.0-2 1.2.0-11 25.0.3-9 |
None | ||
Azure Linux 3.0 x64 | cf-cli (CBL-Mariner) docker-buildx (CBL-Mariner) kubevirt (CBL-Mariner) moby-engine (CBL-Mariner) |
Unknown | Unknown | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
8.7.3-4 0.14.0-2 1.2.0-11 25.0.3-9 |
None | ||
CBL Mariner 2.0 ARM | cert-manager (CBL-Mariner) moby-compose (CBL-Mariner) moby-engine (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
1.11.2-16 2.17.3-9 24.0.9-13 1.9.5-5 |
None | ||
CBL Mariner 2.0 x64 | cert-manager (CBL-Mariner) moby-compose (CBL-Mariner) moby-engine (CBL-Mariner) packer (CBL-Mariner) |
Unknown | Unknown | Base: 9.1 Temporal: 9.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
1.11.2-16 2.17.3-9 24.0.9-13 1.9.5-5 |
None |
CVE ID | Acknowledgements |
CVE-2024-45337 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-45338
MITRE NVD Issuing CNA: security@golang.org |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 0.1 09-Jan-25 Information published. 0.2 12-Jan-25 Information published. 0.3 13-Jan-25 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-45338 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
CBL Mariner 2.0 ARM | telegraf (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
1.29.4-10 | Unknown | None |
CBL Mariner 2.0 x64 | telegraf (CBL-Mariner) | Unknown | Unknown | None | Base: 5.3 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
1.29.4-10 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-45338 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-46756
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 1.1 16-Oct-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 1.2 10-Jan-25 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-46756 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.51.1-5 | Unknown | None |
Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.51.1-5 | Unknown | None |
CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.167.1-1 | Unknown | None |
CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.167.1-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-46756 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-45310
MITRE NVD Issuing CNA: security-advisories@github.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:3.6/TemporalScore:3.6
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 0.1 10-Jan-25 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-45310 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | runc (CBL-Mariner) | Unknown | Unknown | None | Base: 3.6 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
1.2.2-1 | Unknown | None |
Azure Linux 3.0 x64 | runc (CBL-Mariner) | Unknown | Unknown | None | Base: 3.6 Temporal: 3.6 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
1.2.2-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-45310 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-10041
MITRE NVD Issuing CNA: secalert@redhat.com |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 0.1 10-Jan-25 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-10041 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | pam (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.5.3-4 | Unknown | None |
Azure Linux 3.0 x64 | pam (CBL-Mariner) | Unknown | Unknown | None | Base: 4.7 Temporal: 4.7 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.5.3-4 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-10041 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-46758
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: None Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 12-Oct-24 Information published. 1.1 16-Oct-24 Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0 1.2 10-Jan-25 Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-46758 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.51.1-5 | Unknown | None |
Azure Linux 3.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
6.6.51.1-5 | Unknown | None |
CBL Mariner 2.0 ARM | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.167.1-1 | Unknown | None |
CBL Mariner 2.0 x64 | kernel (CBL-Mariner) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
5.15.167.1-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-46758 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||
CVE-2024-35786
MITRE NVD Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CVE Title: Unknown
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 11-Sep-24 Information published. 1.1 11-Jan-25 Added hyperv-daemons to Azure Linux 3.0 |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-35786 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Azure Linux 3.0 ARM | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
Azure Linux 3.0 x64 | hyperv-daemons (CBL-Mariner) | Unknown | Unknown | None | Base: 5.5 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
6.6.35.1-1 | Unknown | None |
CVE ID | Acknowledgements |
CVE-2024-35786 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2025-0291
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0291 Type Confusion in V8
CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2025-0291 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
131.0.2903.147 | No | None |
CVE ID | Acknowledgements |
CVE-2025-0291 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
CVE-2025-21362
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.4/TemporalScore:7.7
Executive Summary: None FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.1 14-Jan-25 Updated one or more CVSS scores for the affected products. This is an informational change only. 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21362 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Excel 2016 (32-bit edition) | 5002673 (Security Update) | Critical | Remote Code Execution | 5002660 | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft Excel 2016 (64-bit edition) | 5002673 (Security Update) | Critical | Remote Code Execution | 5002660 | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.5483.1001 | Maybe | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
Office Online Server | 5002677 (Security Update) | Critical | Remote Code Execution | 5002648 | Base: 8.4 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.10416.20047 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21362 | 0x140ce(Peace & Love) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21354
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.4/TemporalScore:7.3
Executive Summary: None FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.1 14-Jan-25 Updated one or more CVSS scores for the affected products. This is an informational change only. 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21354 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
Office Online Server | 5002677 (Security Update) | Critical | Remote Code Execution | 5002648 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10416.20047 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21354 | boolgombear Jmini |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CVE-2025-21187
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Power Automate Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How do I get the updated app? Users of version 2.51 will be notified about the availability of updated version 2.51.349.24355 or version 2.52, which will include the fix to address this vulnerability. Users running versions between 2.46 and 2.50 who do not wish to update to a higher version please refer to the following FAQ for update information and download links. How can I check if the update is installed? Refer to the following table for the fixed build version that addresses this vulnerability.
Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21187 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Power Automate for Desktop | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.52.62.25009 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21187 | Tobias Diehl with Umpqua Bank |