Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

CVE Issued by Tag CVE ID CVE Title
Microsoft .NET CVE-2025-21171 .NET Remote Code Execution Vulnerability
Microsoft .NET CVE-2025-21173 .NET Elevation of Privilege Vulnerability
Microsoft .NET and Visual Studio CVE-2025-21172 .NET and Visual Studio Remote Code Execution Vulnerability
Microsoft .NET, .NET Framework, Visual Studio CVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Microsoft Active Directory Domain Services CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability
Microsoft Active Directory Federation Services CVE-2025-21193 Active Directory Federation Server Spoofing Vulnerability
Microsoft Azure Marketplace SaaS Resources CVE-2025-21380 Azure Marketplace SaaS Resources Information Disclosure Vulnerability
Microsoft BranchCache CVE-2025-21296 BranchCache Remote Code Execution Vulnerability
Microsoft Internet Explorer CVE-2025-21326 Internet Explorer Remote Code Execution Vulnerability
Microsoft IP Helper CVE-2025-21231 IP Helper Denial of Service Vulnerability
Microsoft Line Printer Daemon Service (LPD) CVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
secalert@redhat.com Mariner CVE-2023-40550 Unknown
secalert@redhat.com Mariner CVE-2024-3727 Unknown
cve@mitre.org Mariner CVE-2017-17522 Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Mariner CVE-2024-35786 Unknown
secure@intel.com Mariner CVE-2019-14584 Unknown
security@hashicorp.com Mariner CVE-2024-6104 Unknown
cve@mitre.org Mariner CVE-2019-20907 Unknown
security@apache.org Mariner CVE-2024-52338 Unknown
cve@mitre.org Mariner CVE-2007-4559 Unknown
security@golang.org Mariner CVE-2023-45288 Unknown
cve@mitre.org Mariner CVE-2017-18207 Unknown
secalert@redhat.com Mariner CVE-2023-40548 Unknown
secalert@redhat.com Mariner CVE-2023-40549 Unknown
secalert@redhat.com Mariner CVE-2021-20286 Unknown
security@golang.org Mariner CVE-2022-32149 Unknown
cve@mitre.org Mariner CVE-2019-9674 Unknown
secalert@redhat.com Mariner CVE-2019-3816 Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Mariner CVE-2024-46758 Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Mariner CVE-2024-35795 Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Mariner CVE-2024-46757 Unknown
cve@mitre.org Mariner CVE-2024-53580 Unknown
secalert@redhat.com Mariner CVE-2024-9355 Unknown
cve@kernel.org Mariner CVE-2024-26929 Unknown
cna@python.org Mariner CVE-2024-11168 Unknown
cna@python.org Mariner CVE-2024-12254 Unknown
secalert@redhat.com Mariner CVE-2022-32746 Unknown
secalert@redhat.com Mariner CVE-2021-20277 Unknown
secalert@redhat.com Mariner CVE-2019-3833 Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Mariner CVE-2024-49967 Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Mariner CVE-2024-46756 Unknown
secalert@redhat.com Mariner CVE-2024-10041 Unknown
security-advisories@github.com Mariner CVE-2024-45310 Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Mariner CVE-2023-52663 Unknown
security@golang.org Mariner CVE-2024-45337 Unknown
security@golang.org Mariner CVE-2024-45338 Unknown
cve@mitre.org Mariner CVE-2024-37535 Unknown
security-advisories@github.com Mariner CVE-2024-32020 Unknown
security-advisories@github.com Mariner CVE-2024-32465 Unknown
secalert@redhat.com Mariner CVE-2024-10963 Unknown
security-advisories@github.com Mariner CVE-2024-34062 Unknown
report@snyk.io Mariner CVE-2021-23336 Unknown
security-advisories@github.com Mariner CVE-2024-32021 Unknown
secalert@redhat.com Mariner CVE-2024-7383 Unknown
secalert@redhat.com Mariner CVE-2023-1393 Unknown
secalert@redhat.com Mariner CVE-2020-27840 Unknown
security@ubuntu.com Mariner CVE-2022-28737 Unknown
cve@mitre.org Mariner CVE-2022-40898 Unknown
secalert@redhat.com Mariner CVE-2023-40546 Unknown
Microsoft Microsoft AutoUpdate (MAU) CVE-2025-21360 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Microsoft Microsoft Azure Gateway Manager CVE-2025-21403 On-Premises Data Gateway Information Disclosure Vulnerability
Microsoft Microsoft Brokering File System CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
Microsoft Microsoft Brokering File System CVE-2025-21372 Microsoft Brokering File System Elevation of Privilege Vulnerability
Microsoft Microsoft Digest Authentication CVE-2025-21294 Microsoft Digest Authentication Remote Code Execution Vulnerability
Chrome Microsoft Edge (Chromium-based) CVE-2025-0291 Chromium: CVE-2025-0291 Type Confusion in V8
Microsoft Microsoft Graphics Component CVE-2025-21382 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Microsoft Office CVE-2025-21346 Microsoft Office Security Feature Bypass Vulnerability
Microsoft Microsoft Office CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
Microsoft Microsoft Office Access CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
Microsoft Microsoft Office Access CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
Microsoft Microsoft Office Access CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability
Microsoft Microsoft Office Excel CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Microsoft Office Excel CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Microsoft Office Excel CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Microsoft Office OneNote CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Vulnerability
Microsoft Microsoft Office Outlook CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Microsoft Office Outlook for Mac CVE-2025-21361 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Microsoft Office SharePoint CVE-2025-21393 Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Microsoft Office SharePoint CVE-2025-21344 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Microsoft Office SharePoint CVE-2025-21348 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Microsoft Office Visio CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Microsoft Office Visio CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Microsoft Office Word CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
Microsoft Microsoft Purview CVE-2025-21385 Microsoft Purview Information Disclosure Vulnerability
Microsoft Microsoft Windows Search Component CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
Microsoft Power Automate CVE-2025-21187 Microsoft Power Automate Remote Code Execution Vulnerability
Microsoft Reliable Multicast Transport Driver (RMCAST) CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
GitHub Visual Studio CVE-2024-50338 GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
Microsoft Visual Studio CVE-2025-21405 Visual Studio Elevation of Privilege Vulnerability
Microsoft Visual Studio CVE-2025-21178 Visual Studio Remote Code Execution Vulnerability
Microsoft Windows BitLocker CVE-2025-21213 Secure Boot Security Feature Bypass Vulnerability
Microsoft Windows BitLocker CVE-2025-21214 Windows BitLocker Information Disclosure Vulnerability
Microsoft Windows Boot Loader CVE-2025-21211 Secure Boot Security Feature Bypass Vulnerability
Microsoft Windows Boot Manager CVE-2025-21215 Secure Boot Security Feature Bypass Vulnerability
Microsoft Windows Client-Side Caching (CSC) Service CVE-2025-21374 Windows CSC Service Information Disclosure Vulnerability
Microsoft Windows Client-Side Caching (CSC) Service CVE-2025-21378 Windows CSC Service Elevation of Privilege Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver CVE-2025-21271 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows COM CVE-2025-21288 Windows COM Server Information Disclosure Vulnerability
Microsoft Windows COM CVE-2025-21272 Windows COM Server Information Disclosure Vulnerability
Microsoft Windows COM CVE-2025-21281 Microsoft COM for Windows Elevation of Privilege Vulnerability
Microsoft Windows Connected Devices Platform Service CVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
Microsoft Windows Cryptographic Services CVE-2025-21336 Windows Cryptographic Information Disclosure Vulnerability
Microsoft Windows Digital Media CVE-2025-21258 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21255 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21249 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21310 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21324 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21327 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21341 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21263 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21260 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21232 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21228 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21265 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21226 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21227 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21261 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Digital Media CVE-2025-21256 Windows Digital Media Elevation of Privilege Vulnerability
Microsoft Windows Direct Show CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability
Microsoft Windows DWM Core Library CVE-2025-21304 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Microsoft Windows Event Tracing CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability
Microsoft Windows Geolocation Service CVE-2025-21301 Windows Geolocation Service Information Disclosure Vulnerability
Microsoft Windows Hello CVE-2025-21340 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Microsoft Windows Hyper-V NT Kernel Integration VSP CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Microsoft Windows Hyper-V NT Kernel Integration VSP CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Microsoft Windows Hyper-V NT Kernel Integration VSP CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Microsoft Windows Installer CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows Installer CVE-2025-21275 Windows App Package Installer Elevation of Privilege Vulnerability
Microsoft Windows Installer CVE-2025-21331 Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows Kerberos CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
Microsoft Windows Kerberos CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
Microsoft Windows Kerberos CVE-2025-21242 Windows Kerberos Information Disclosure Vulnerability
Microsoft Windows Kernel Memory CVE-2025-21323 Windows Kernel Memory Information Disclosure Vulnerability
Microsoft Windows Kernel Memory CVE-2025-21316 Windows Kernel Memory Information Disclosure Vulnerability
Microsoft Windows Kernel Memory CVE-2025-21318 Windows Kernel Memory Information Disclosure Vulnerability
Microsoft Windows Kernel Memory CVE-2025-21319 Windows Kernel Memory Information Disclosure Vulnerability
Microsoft Windows Kernel Memory CVE-2025-21320 Windows Kernel Memory Information Disclosure Vulnerability
Microsoft Windows Kernel Memory CVE-2025-21321 Windows Kernel Memory Information Disclosure Vulnerability
Microsoft Windows Kernel Memory CVE-2025-21317 Windows Kernel Memory Information Disclosure Vulnerability
Microsoft Windows MapUrlToZone CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
Microsoft Windows MapUrlToZone CVE-2025-21276 Windows MapUrlToZone Denial of Service Vulnerability
Microsoft Windows MapUrlToZone CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
Microsoft Windows MapUrlToZone CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
Microsoft Windows MapUrlToZone CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
Microsoft Windows MapUrlToZone CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
Microsoft Windows MapUrlToZone CVE-2025-21332 MapUrlToZone Security Feature Bypass Vulnerability
Microsoft Windows MapUrlToZone CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
Microsoft Windows Message Queuing CVE-2025-21270 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Windows Message Queuing CVE-2025-21289 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Windows Message Queuing CVE-2025-21251 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Windows Message Queuing CVE-2025-21285 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Windows Message Queuing CVE-2025-21290 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Windows Message Queuing CVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Windows Message Queuing CVE-2025-21277 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Windows Message Queuing CVE-2025-21220 Microsoft Message Queuing Information Disclosure Vulnerability
Microsoft Windows NTLM CVE-2025-21217 Windows NTLM Spoofing Vulnerability
Microsoft Windows NTLM CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability
Microsoft Windows OLE CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
Microsoft Windows PrintWorkflowUserSvc CVE-2025-21235 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Microsoft Windows PrintWorkflowUserSvc CVE-2025-21234 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Microsoft Windows Recovery Environment Agent CVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Microsoft Windows Remote Desktop Services CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
Microsoft Windows Remote Desktop Services CVE-2025-21297 Windows Remote Desktop Services Remote Code Execution Vulnerability
Microsoft Windows Remote Desktop Services CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
Microsoft Windows Remote Desktop Services CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Microsoft Windows Remote Desktop Services CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CERT CC Windows Secure Boot CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
Microsoft Windows Security Account Manager CVE-2025-21313 Windows Security Account Manager (SAM) Denial of Service Vulnerability
Microsoft Windows Smart Card CVE-2025-21312 Windows Smart Card Reader Information Disclosure Vulnerability
Microsoft Windows SmartScreen CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
Microsoft Windows SPNEGO Extended Negotiation CVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21241 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21243 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21237 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21239 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21244 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21252 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21248 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21413 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21286 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21305 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21411 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21236 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21233 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21273 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21266 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21303 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21282 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21302 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21306 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21339 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Telephony Service CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability
Microsoft Windows Themes CVE-2025-21308 Windows Themes Spoofing Vulnerability
Microsoft Windows UPnP Device Host CVE-2025-21300 Windows upnphost.dll Denial of Service Vulnerability
Microsoft Windows UPnP Device Host CVE-2025-21389 Windows upnphost.dll Denial of Service Vulnerability
Microsoft Windows Virtual Trusted Platform Module CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
Microsoft Windows Virtual Trusted Platform Module CVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Microsoft Windows Virtual Trusted Platform Module CVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Microsoft Windows Virtualization-Based Security (VBS) Enclave CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Microsoft Windows Web Threat Defense User Service CVE-2025-21343 Windows Web Threat Defense User Service Information Disclosure Vulnerability
Microsoft Windows Win32K - GRFX CVE-2025-21338 GDI+ Remote Code Execution Vulnerability
Microsoft Windows WLAN Auto Config Service CVE-2025-21257 Windows WLAN AutoConfig Service Information Disclosure Vulnerability

CVE-2024-50338 - GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-50338
MITRE
NVD

Issuing CNA: GitHub

CVE Title: GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVSS:

CVSS:3.1 Highest Base Score: 7.4 / Temporal Score: 6.4
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

Why is this GitHub CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.


What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-50338
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Information Disclosure None Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
15.9.69 Maybe None
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Release Notes (Security Update) Important Information Disclosure None Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
16.11.43 Maybe None
Microsoft Visual Studio 2022 version 17.10 Release Notes (Security Update) Important Information Disclosure None Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
17.10.10 Maybe None
Microsoft Visual Studio 2022 version 17.12 Release Notes (Security Update) Important Information Disclosure None Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
17.12.4 Maybe None
Microsoft Visual Studio 2022 version 17.6 Release Notes (Security Update) Important Information Disclosure None Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
17.6.22 Maybe None
Microsoft Visual Studio 2022 version 17.8 Release Notes (Security Update) Important Information Disclosure None Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
17.8.17 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-50338 Anonymous


CVE-2025-21411 - Windows Telephony Service Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21411
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21411
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Remote Code Execution 5048661 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775 Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Remote Code Execution 5048661 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775 Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371 Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371 Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371 Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371 Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371 Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371 Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751 Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751 Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751 Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.4751 Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894 Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894 Yes 5050009
Windows Server 2008 for 32-bit Systems Service Pack 2 5050063 (Monthly Rollup), 5050061 (Security Only) Important Remote Code Execution 5048710 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070 Yes 5050063, 5050061
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup), 5050061 (Security Only) Important Remote Code Execution 5048710 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070 Yes 5050063, 5050061
Windows Server 2008 for x64-based Systems Service Pack 2 5050063 (Monthly Rollup), 5050061 (Security Only) Important Remote Code Execution 5048710 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070 Yes 5050063, 5050061
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup), 5050061 (Security Only) Important Remote Code Execution 5048710 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070 Yes 5050063, 5050061
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup), 5050006 (Security Only) Important Remote Code Execution 5048695 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup), 5050006 (Security Only) Important Remote Code Execution 5048695 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2016 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Remote Code Execution 5048653
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21411 Anonymous


CVE-2025-21413 - Windows Telephony Service Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21413
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21413
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution
5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution
5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution
5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution
5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2008 for 32-bit Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2016 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Remote Code Execution 5048653
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21413 Anonymous


CVE-2025-21171 - .NET Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21171
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: .NET Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 6.5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?

This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of this vulnerability requires that a user trigger the payload in the application.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21171
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
.NET 9.0 installed on Linux 5050526 (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9.0.1 Maybe None
.NET 9.0 installed on Mac OS 5050526 (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9.0.1 Maybe None
.NET 9.0 installed on Windows 5050526 (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9.0.1 Maybe None
Microsoft Visual Studio 2022 version 17.10 Release Notes (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
17.10.10 Maybe None
Microsoft Visual Studio 2022 version 17.12 Release Notes (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
17.12.4 Maybe None
Microsoft Visual Studio 2022 version 17.6 Release Notes (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
17.6.22 Maybe None
Microsoft Visual Studio 2022 version 17.8 Release Notes (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
17.8.17 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21171 None

CVE-2025-21210 - Windows BitLocker Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21210
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 4.2 / Temporal Score: 3.7
Base score metrics
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

Exploiting this vulnerability could allow the disclosure of unencrypted hibernation images in cleartext.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.


According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?

To exploit this vulnerability, an attacker needs repeated physical access to the victim machine's hard disk.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21210
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Information Disclosure 5048703 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Information Disclosure 5048703 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Information Disclosure
5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Information Disclosure
5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Information Disclosure
5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Information Disclosure
5048685
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2008 for 32-bit Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Information Disclosure 5048695
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Information Disclosure 5048695
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Information Disclosure 5048699 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Information Disclosure 5048699 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Information Disclosure 5048735 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Information Disclosure 5048735 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2016 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Information Disclosure 5048654
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Information Disclosure 5048654
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Information Disclosure 5048653
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21210 Maxim Suhanov with CICADA8


CVE-2025-21214 - Windows BitLocker Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21214
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 4.2 / Temporal Score: 3.7
Base score metrics
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the BitLocker key.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts by swapping virtual hard disks.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21214
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Information Disclosure 5048703 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Information Disclosure 5048703 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2008 for 32-bit Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Information Disclosure 5048695
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Information Disclosure 5048695
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Information Disclosure 5048699 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Information Disclosure 5048699 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Information Disclosure 5048735 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Information Disclosure 5048735 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2016 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Information Disclosure 5048654
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Information Disclosure 5048654
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Information Disclosure 5048653
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21214 Maxim Suhanov with CICADA8


CVE-2025-21215 - Secure Boot Security Feature Bypass Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21215
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Secure Boot Security Feature Bypass Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 4.6 / Temporal Score: 4.0
Base score metrics
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions.


What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Secure Boot.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21215
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Information Disclosure 5048703 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Information Disclosure 5048703 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2008 for 32-bit Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Information Disclosure 5048710
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Information Disclosure 5048695
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Information Disclosure 5048695
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Information Disclosure 5048699 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Information Disclosure 5048699 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Information Disclosure 5048735 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Information Disclosure 5048735 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2016 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Information Disclosure 5048671 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Information Disclosure 5048661
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Information Disclosure 5048654
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Information Disclosure 5048654
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Information Disclosure 5048653
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Information Disclosure 5048667
Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21215 Maxim Suhanov with CICADA8


CVE-2025-21233 - Windows Telephony Service Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21233
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21233
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2008 for 32-bit Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2016 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Remote Code Execution 5048653
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21233 Anonymous


CVE-2025-21234 - Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21234
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level.

Please refer to AppContainer isolation and Mandatory Integrity Control for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21234
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Elevation of Privilege 5048685
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Elevation of Privilege 5048685
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Elevation of Privilege 5048685
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Elevation of Privilege 5048685
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Elevation of Privilege 5048667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Elevation of Privilege 5048667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2022 5049983 (Security Update) Important Elevation of Privilege 5048654
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Elevation of Privilege 5048654
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Elevation of Privilege 5048653
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Elevation of Privilege 5048667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Elevation of Privilege 5048667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21234 Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat


CVE-2025-21235 - Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21235
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level.

Please refer to AppContainer isolation and Mandatory Integrity Control for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21235
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Elevation of Privilege 5048652
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Elevation of Privilege 5048685
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Elevation of Privilege 5048685
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Elevation of Privilege 5048685
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Elevation of Privilege 5048685
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Elevation of Privilege 5048667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Elevation of Privilege 5048667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2022 5049983 (Security Update) Important Elevation of Privilege 5048654
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Elevation of Privilege 5048654
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Elevation of Privilege 5048653
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Elevation of Privilege 5048667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Elevation of Privilege 5048667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21235 Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat


CVE-2025-21236 - Windows Telephony Service Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21236
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21236
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2008 for 32-bit Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2016 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Remote Code Execution 5048653
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21236 Anonymous


CVE-2025-21237 - Windows Telephony Service Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21237
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21237
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2008 for 32-bit Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2016 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Remote Code Execution 5048653
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21237 Anonymous


CVE-2025-21239 - Windows Telephony Service Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21239
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21239
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution
5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2016 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Remote Code Execution 5048653
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21239 Anonymous


CVE-2025-21241 - Windows Telephony Service Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21241
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21241
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution
5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution
5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution
5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution
5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2016 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Remote Code Execution 5048654
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Remote Code Execution 5048653
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21241 Anonymous


CVE-2025-21242 - Windows Kerberos Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21242
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kerberos Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 5.9 / Temporal Score: 5.2
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a kernel memory read: unintentional read access to memory contents in kernel space from a user-mode process.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21242
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Information Disclosure 5048703 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Information Disclosure 5048703 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Information Disclosure 5048671 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Information Disclosure 5048671 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Information Disclosure 5048661
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Information Disclosure 5048661
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Information Disclosure 5048652
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Information Disclosure
5048652
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Information Disclosure
5048652
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Information Disclosure
5048652
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Information Disclosure 5048685
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Information Disclosure
5048685
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Information Disclosure 5048667
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Information Disclosure 5048667
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Information Disclosure 5048695
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Information Disclosure 5048695
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Information Disclosure 5048699 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Information Disclosure 5048699 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Information Disclosure 5048735 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Information Disclosure 5048735 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2016 5049993 (Security Update) Important Information Disclosure 5048671 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2016 (Server Core installation) 5049993 (Security Update) Important Information Disclosure 5048671 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows Server 2019 5050008 (Security Update) Important Information Disclosure 5048661
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2019 (Server Core installation) 5050008 (Security Update) Important Information Disclosure 5048661
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows Server 2022 5049983 (Security Update) Important Information Disclosure 5048654
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022 (Server Core installation) 5049983 (Security Update) Important Information Disclosure 5048654
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.3091
Yes 5049983
Windows Server 2022, 23H2 Edition (Server Core installation) 5049984 (Security Update) Important Information Disclosure 5048653
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.1369
Yes 5049984
Windows Server 2025 5050009 (Security Update) Important Information Disclosure 5048667
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2025 (Server Core installation) 5050009 (Security Update) Important Information Disclosure 5048667
Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009

Acknowledgements

CVE ID Acknowledgements
CVE-2025-21242 Asna Farooqui


CVE-2025-21243 - Windows Telephony Service Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2025-21243
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    14-Jan-25    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2025-21243
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 for x64-based Systems 5050013 (Security Update) Important Remote Code Execution 5048703 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20890 Yes None
Windows 10 Version 1607 for 32-bit Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1607 for x64-based Systems 5049993 (Security Update) Important Remote Code Execution 5048671 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7699 Yes None
Windows 10 Version 1809 for 32-bit Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 1809 for x64-based Systems 5050008 (Security Update) Important Remote Code Execution 5048661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.6775
Yes 5050008
Windows 10 Version 21H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 21H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution 5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.5371
Yes 5049981
Windows 10 Version 22H2 for 32-bit Systems 5049981 (Security Update) Important Remote Code Execution
5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for ARM64-based Systems 5049981 (Security Update) Important Remote Code Execution
5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 10 Version 22H2 for x64-based Systems 5049981 (Security Update) Important Remote Code Execution
5048652
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.5371
Yes 5049981
Windows 11 Version 22H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 22H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for ARM64-based Systems 5050021 (Security Update) Important Remote Code Execution 5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.4751
Yes 5050021
Windows 11 Version 23H2 for x64-based Systems 5050021 (Security Update) Important Remote Code Execution
5048685
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.22631.4751
Yes 5050021
Windows 11 Version 24H2 for ARM64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows 11 Version 24H2 for x64-based Systems 5050009 (Security Update) Important Remote Code Execution 5048667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.26100.2894
Yes 5050009
Windows Server 2008 for 32-bit Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5050063 (Monthly Rollup)
5050061 (Security Only)
Important Remote Code Execution 5048710
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.23070
Yes 5050063
5050061
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5050049 (Monthly Rollup)
5050006 (Security Only)
Important Remote Code Execution 5048695
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27520 Yes None
Windows Server 2012 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 (Server Core installation) 5050004 (Monthly Rollup) Important Remote Code Execution 5048699 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.25273 Yes None
Windows Server 2012 R2 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22371 Yes None
Windows Server 2012 R2 (Server Core installation) 5050048 (Monthly Rollup) Important Remote Code Execution 5048735 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C