This report contains detail for the following vulnerabilities:
| CVE Issued by | Tag | CVE ID | CVE Title |
|---|---|---|---|
| Microsoft | .NET | CVE-2025-21171 | .NET Remote Code Execution Vulnerability |
| Microsoft | .NET | CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
| Microsoft | .NET and Visual Studio | CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability |
| Microsoft | .NET, .NET Framework, Visual Studio | CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| Microsoft | Active Directory Domain Services | CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| Microsoft | Active Directory Federation Services | CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability |
| Microsoft | Azure Marketplace SaaS Resources | CVE-2025-21380 | Azure Marketplace SaaS Resources Information Disclosure Vulnerability |
| Microsoft | BranchCache | CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability |
| Microsoft | Internet Explorer | CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability |
| Microsoft | IP Helper | CVE-2025-21231 | IP Helper Denial of Service Vulnerability |
| Microsoft | Line Printer Daemon Service (LPD) | CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
| secalert@redhat.com | Mariner | CVE-2023-40550 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-3727 | Unknown |
| cve@mitre.org | Mariner | CVE-2017-17522 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-35786 | Unknown |
| secure@intel.com | Mariner | CVE-2019-14584 | Unknown |
| security@hashicorp.com | Mariner | CVE-2024-6104 | Unknown |
| cve@mitre.org | Mariner | CVE-2019-20907 | Unknown |
| security@apache.org | Mariner | CVE-2024-52338 | Unknown |
| cve@mitre.org | Mariner | CVE-2007-4559 | Unknown |
| security@golang.org | Mariner | CVE-2023-45288 | Unknown |
| cve@mitre.org | Mariner | CVE-2017-18207 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-40548 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-40549 | Unknown |
| secalert@redhat.com | Mariner | CVE-2021-20286 | Unknown |
| security@golang.org | Mariner | CVE-2022-32149 | Unknown |
| cve@mitre.org | Mariner | CVE-2019-9674 | Unknown |
| secalert@redhat.com | Mariner | CVE-2019-3816 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46758 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-35795 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46757 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-53580 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-9355 | Unknown |
| cve@kernel.org | Mariner | CVE-2024-26929 | Unknown |
| cna@python.org | Mariner | CVE-2024-11168 | Unknown |
| cna@python.org | Mariner | CVE-2024-12254 | Unknown |
| secalert@redhat.com | Mariner | CVE-2022-32746 | Unknown |
| secalert@redhat.com | Mariner | CVE-2021-20277 | Unknown |
| secalert@redhat.com | Mariner | CVE-2019-3833 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49967 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46756 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-10041 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-45310 | Unknown |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2023-52663 | Unknown |
| security@golang.org | Mariner | CVE-2024-45337 | Unknown |
| security@golang.org | Mariner | CVE-2024-45338 | Unknown |
| cve@mitre.org | Mariner | CVE-2024-37535 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-32020 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-32465 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-10963 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-34062 | Unknown |
| report@snyk.io | Mariner | CVE-2021-23336 | Unknown |
| security-advisories@github.com | Mariner | CVE-2024-32021 | Unknown |
| secalert@redhat.com | Mariner | CVE-2024-7383 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-1393 | Unknown |
| secalert@redhat.com | Mariner | CVE-2020-27840 | Unknown |
| security@ubuntu.com | Mariner | CVE-2022-28737 | Unknown |
| cve@mitre.org | Mariner | CVE-2022-40898 | Unknown |
| secalert@redhat.com | Mariner | CVE-2023-40546 | Unknown |
| Microsoft | Microsoft AutoUpdate (MAU) | CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Azure Gateway Manager | CVE-2025-21403 | On-Premises Data Gateway Information Disclosure Vulnerability |
| Microsoft | Microsoft Brokering File System | CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Brokering File System | CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Digest Authentication | CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0291 | Chromium: CVE-2025-0291 Type Confusion in V8 |
| Microsoft | Microsoft Graphics Component | CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Office | CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability |
| Microsoft | Microsoft Office | CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Access | CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Access | CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Access | CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office OneNote | CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Outlook | CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Outlook for Mac | CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Visio | CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Visio | CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Word | CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft | Microsoft Purview | CVE-2025-21385 | Microsoft Purview Information Disclosure Vulnerability |
| Microsoft | Microsoft Windows Search Component | CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability |
| Microsoft | Power Automate | CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability |
| Microsoft | Reliable Multicast Transport Driver (RMCAST) | CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
| GitHub | Visual Studio | CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager |
| Microsoft | Visual Studio | CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability |
| Microsoft | Visual Studio | CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability |
| Microsoft | Windows BitLocker | CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows BitLocker | CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability |
| Microsoft | Windows Boot Loader | CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Boot Manager | CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Client-Side Caching (CSC) Service | CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability |
| Microsoft | Windows Client-Side Caching (CSC) Service | CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability |
| Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows COM | CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability |
| Microsoft | Windows COM | CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability |
| Microsoft | Windows COM | CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability |
| Microsoft | Windows Connected Devices Platform Service | CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability |
| Microsoft | Windows Cryptographic Services | CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Direct Show | CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability |
| Microsoft | Windows DWM Core Library | CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| Microsoft | Windows Event Tracing | CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability |
| Microsoft | Windows Geolocation Service | CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability |
| Microsoft | Windows Hello | CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability |
| Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Microsoft | Windows Installer | CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft | Windows Installer | CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability |
| Microsoft | Windows Installer | CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft | Windows Kerberos | CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability |
| Microsoft | Windows Kerberos | CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability |
| Microsoft | Windows Kerberos | CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability |
| Microsoft | Windows NTLM | CVE-2025-21217 | Windows NTLM Spoofing Vulnerability |
| Microsoft | Windows NTLM | CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability |
| Microsoft | Windows OLE | CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability |
| Microsoft | Windows PrintWorkflowUserSvc | CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Microsoft | Windows PrintWorkflowUserSvc | CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Microsoft | Windows Recovery Environment Agent | CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CERT CC | Windows Secure Boot | CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass |
| Microsoft | Windows Security Account Manager | CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
| Microsoft | Windows Smart Card | CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability |
| Microsoft | Windows SmartScreen | CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability |
| Microsoft | Windows SPNEGO Extended Negotiation | CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Themes | CVE-2025-21308 | Windows Themes Spoofing Vulnerability |
| Microsoft | Windows UPnP Device Host | CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability |
| Microsoft | Windows UPnP Device Host | CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability |
| Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability |
| Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Microsoft | Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
| Microsoft | Windows Web Threat Defense User Service | CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability |
| Microsoft | Windows Win32K - GRFX | CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability |
| Microsoft | Windows WLAN Auto Config Service | CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-50338
MITRE NVD Issuing CNA: GitHub |
CVE Title: GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:6.4
Executive Summary: None FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50338 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-50338 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21411
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21411 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21411 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21413
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21413 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21413 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21171
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that a user trigger the payload in the application. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21171 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Mac OS | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Windows | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21171 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21210
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.2/TemporalScore:3.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of unencrypted hibernation images in cleartext. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an attacker needs repeated physical access to the victim machine's hard disk. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21210 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21210 | Maxim Suhanov with CICADA8 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21214
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.2/TemporalScore:3.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Bitlocker Key. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts by swapping virtual hard disks. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21214 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21214 | Maxim Suhanov with CICADA8 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21215
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.6/TemporalScore:4.0
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21215 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21215 | Maxim Suhanov with CICADA8 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21233
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21233 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21233 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21234
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21234 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21234 | Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21235
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21235 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21235 | Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21236
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21236 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21236 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21237
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21237 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21237 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21239
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21239 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21239 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21241
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21241 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21241 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21242
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.2
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21242 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21242 | Asna Farooqui |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21243
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21243 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21243 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21244
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21244 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21244 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21248
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21248 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21248 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21249
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21249 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21249 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21251
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21251 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21251 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21252
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21252 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21252 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21255
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21255 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21255 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21257
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21257 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21257 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21258
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21258 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21258 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21260
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21260 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21260 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21263
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21263 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21263 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21265
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB device. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21265 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21265 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21266
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21266 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21266 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21268
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.9
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21268 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21268 | George Hughey |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21269
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows HTML Platforms Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it. The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21269 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | 5050063 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21269 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21270
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21270 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21270 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21271
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21271 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| CVE ID | Acknowledgements |
| CVE-2025-21271 | RanchoIce |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21272
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows COM Server Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could get unauthorized access to sensitive user data outside of the AppContainer execution environment. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21272 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21272 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21277
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21277 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21277 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21280
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? A successful exploitation of this vulnerability via a medium integrity level exploit could allow an attacker to gain unauthorized access to system-level resources, potentially modify kernel memory, and execute arbitrary code with kernel-level privileges. This could lead to a full compromise of the system’s integrity, confidentiality, and availability. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21280 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21280 | HongZhenhao with TianGong Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21281
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft COM for Windows Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21281 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21281 | Zhang WangJunJie, He YiSheng with Hillstone Network Security Research Institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21282
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21282 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21282 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21284
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. According to the CVSS metric, successful exploitation of this vulnerability could lead to a total loss of availability (A:H). What does that mean for this vulnerability? If an attacker was able to successfully exploit the vulnerability the attack might result in a total loss of availability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21284 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21284 | HongZhenhao with TianGong Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21285
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21285 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21285 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21288
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows COM Server Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21288 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21288 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21289
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21289 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21289 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21290
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?? An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21290 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21290 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21291
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Direct Show Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution. How could an attacker exploit the vulnerability? An attacker could exploit the vulnerability by controlling subsequent memory allocation after a double free error occurs. This could potentially allow the attacker to execute arbitrary code, leading to remote code execution. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21291 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| CVE ID | Acknowledgements |
| CVE-2025-21291 | Mozilla |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21293
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21293 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21293 | Sebastian Sadeq Birke with ReTest Security ApS |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21294
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Digest Authentication Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system which requires digest authentication, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21294 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21294 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21295
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to manipulate system operations in a specific manner. How could an attacker exploit the vulnerability? An attacker who successful exploited this vulnerability could achieve remote code execution without user interaction. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21295 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21295 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21296
MITRE NVD Issuing CNA: Microsoft |
CVE Title: BranchCache Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21296 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21296 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21297
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21297 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21297 | VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21298
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows OLE Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:9.8/TemporalScore:8.5
Executive Summary: None FAQ: How could an attacker exploit the vulnerability? In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's Outlook application displaying a preview of a specially crafted email . This could result in the attacker executing remote code on the victim's machine. What is OLE? Object Linking and Embedding (OLE) is a technology that allows embedding and linking to documents and other objects. For more information please visit: Object Linking and Embedding (OLE) Data Structures Mitigations: None Workarounds: Use Microsoft Outlook to reduce the risk of users opening RTF Files from unknown or untrusted sources To help protect against this vulnerability, we recommend users read email messages in plain text format. For guidance on how to configure Microsoft Outlook to read all standard mail in plain text, please refer to Read email messages in plain text. Impact of workaround: Email messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. In addition, the following behavior may be experienced:
Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21298 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21298 | Jmini, Rotiple, D4m0n with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21299
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Windows Defender Credential Guard Feature to leak Kerberos Credential. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21299 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21299 | Ceri Coburn with NetSPI |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21301
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Geolocation Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21301 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21301 | André Schoorl and Bruno Pereira Vidal Bruno Pereira Vidal |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21302
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21302 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21302 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21303
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21303 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21303 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21304
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could an attacker gain with a successful exploitation? An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21304 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| CVE ID | Acknowledgements |
| CVE-2025-21304 | Varun Goel |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21306
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21306 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21306 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21309
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21309 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21309 | VictorV(Tang tianwen) with Kunlun Lab k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21314
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows SmartScreen Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to send the victim a malicious file that the victim would have to execute. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21314 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Spoofing | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21314 | Haifei Li with Check Point Research Eric Lawrence with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21315
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code at a higher integrity level than that of the AppContainer execution environment. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21315 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21315 | hazard |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21316
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. **Are there any further steps I need to take to be protected from this vulnerability? Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version. Customers whose systems are configured to receive automatic updates do not need to take any further action. Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order? SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21316 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21316 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21318
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21318 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21318 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21319
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. **Are there any further steps I need to take to be protected from this vulnerability? Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version. Customers whose systems are configured to receive automatic updates do not need to take any further action. Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order? SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21319 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21319 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21320
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. **Are there any further steps I need to take to be protected from this vulnerability? Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version. Customers whose systems are configured to receive automatic updates do not need to take any further action. Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order? SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21320 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21320 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21321
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21321 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21321 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21327
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21327 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21327 | Adel and Benjamin Rodes |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21176
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21176 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 8.0 installed on Linux | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 8.0 installed on Mac OS | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 8.0 installed on Windows | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Mac OS | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Windows | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems | 5049622 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems | 5049622 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) | 5049620 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 4.8.04775.02 |
Maybe | None | |
| Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 4.8.04775.02 |
Maybe | None | |
| Microsoft .NET Framework 4.8 on Windows Server 2012 | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2016 | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21176 | goodbyeselene |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21178
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21178 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21178 | goodbyeselene |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21173
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that a user trigger the payload in the application. According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21173 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 8.0 installed on Linux | 5050525 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21173 | Noah Gilson with Microsoft Daniel Plaisted with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21341
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.6/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21341 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21341 | Adel and Benjamin Rodes |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
| CVE-2025-21344
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21344 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002672 (Security Update) 5002671 (Security Update) |
Important | Remote Code Execution | 5002659 5002544 |
Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002666 (Security Update) 5002667 (Security Update) |
Important | Remote Code Execution | 5002657 5002664 |
Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.10416.20041 | Maybe | None |
| Microsoft SharePoint Server Subscription Edition | 5002676 (Security Update) | Important | Remote Code Execution | 5002658 | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.17928.20356 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21344 | zcgonvh |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21345
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21345 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21345 | c0d3nh4ck with Zscaler's ThreatLabz |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21346
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Executive Summary: None FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target systems. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21346 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2016 (32-bit edition) | 5002675 (Security Update) 5002595 (Security Update) |
Important | Security Feature Bypass | 5002661 5002197 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 16.0.5483.1000 |
Maybe | None |
| Microsoft Office 2016 (64-bit edition) | 5002675 (Security Update) 5002595 (Security Update) |
Important | Security Feature Bypass | 5002661 5002197 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 16.0.5483.1000 |
Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21346 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21348
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.2/TemporalScore:6.3
Executive Summary: None FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server. How could an attacker exploit the vulnerability? An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21348 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002672 (Security Update) 5002671 (Security Update) |
Important | Remote Code Execution | 5002659 5002544 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002666 (Security Update) 5002667 (Security Update) |
Important | Remote Code Execution | 5002657 5002664 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10416.20041 | Maybe | None |
| Microsoft SharePoint Server Subscription Edition | 5002676 (Security Update) | Important | Remote Code Execution | 5002658 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17928.20356 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21348 | zcgonvh |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21356
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21356 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21356 | Li Shuang and willJ with Vulnerability Research Institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21357
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H) and privileges required are low (PR:L). What does that mean for this vulnerability? An attacker must gain access to the victim user's Microsoft Outlook account by compromising or stealing their login credential and then install a malicious form prior to exploiting the vulnerability successfully. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user needs to be tricked into opening malicious files. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21357 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Outlook 2016 (32-bit edition) | 5002656 (Security Update) | Important | Remote Code Execution | 5002626 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1000 | Maybe | None |
| Microsoft Outlook 2016 (64-bit edition) | 5002656 (Security Update) | Important | Remote Code Execution | 5002626 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1000 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21357 | Arnold Osipov with Morphisec Michael Gorelik with Morphisec SeungYun LEE with bObffice (BOB13th) JunHyuk Im with bObffice (BOB13th) Kiyeon Jeong with bObffice (BOB13th) JongGeon KIM with bObffice (BOB13th) Jeongmin Choi with bObffice (BOB13th) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
| CVE-2025-21363
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.1
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21363 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21363 | Jmini, Rotiple, D4m0n with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21364
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21364 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21364 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21365
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21365 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21365 | Seungyun LEE with bObffice(BOB 13th) Jeongmin Choi with bObffice(BOB 13th) Junhyuk IM with bObffice(BOB 13th) JongGeon KIM with bObffice(BOB 13th) Kiyeon Jeong with bObffice(BOB 13th) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21366
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How does the update protect against this vulnerability? The update blocks potentially malicious extensions from being sent in an email. Which types of extensions are blocked? The following extensions which will be blocked:
Is there any notification indicating an email contained a blocked extension? The email recipient will get a notification that there was an attachment but it cannot be accessed. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21366 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Access 2016 (32-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Access 2016 (64-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21366 | Unpatched.ai |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21382
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21382 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21382 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21219
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21219 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21219 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-7344
MITRE NVD Issuing CNA: CERT CC |
CVE Title: Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
CVSS: CVSS:3.1 Highest BaseScore:6.7/TemporalScore:5.8
Executive Summary: This CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7344 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2024-7344 | Martin Smolar, ESET |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21389
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows upnphost.dll Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21389 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21389 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21393
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.3/TemporalScore:5.5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to the target site as at least a Site Member. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21393 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002672 (Security Update) 5002671 (Security Update) |
Important | Spoofing | 5002659 5002544 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002666 (Security Update) 5002667 (Security Update) |
Important | Spoofing | 5002657 5002664 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.10416.20041 | Maybe | None |
| Microsoft SharePoint Server Subscription Edition | 5002676 (Security Update) | Important | Spoofing | 5002658 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.17928.20356 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21393 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21395
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How does the update protect against this vulnerability? The update blocks potentially malicious extensions from being sent in an email. Which types of extensions are blocked? The following extensions which will be blocked:
Is there any notification indicating an email contained a blocked extension? The email recipient will get a notification that there was an attachment but it cannot be accessed. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21395 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Access 2016 (32-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Access 2016 (64-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21395 | Unpatched.ai |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
| CVE-2025-21403
MITRE NVD Issuing CNA: Microsoft |
CVE Title: On-Premises Data Gateway Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.4/TemporalScore:5.9
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the data contained in the targeted PowerBI dashboard. The scope of PowerBI data which could be accessed is dependent on the privileges of compromised user. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the victim user to login or authenticate to the target environment. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. What actions do customers need to take to protect themselves from this vulnerability? Only customers who have configured a SAP HANA data source to use single sign-on (SSO) are affected and must update their On-Premises Data Gateway to protect against this vulnerability. More information regarding SSO for On-Premises Data Gateways can be found here: Overview of single sign-on for on-premises data gateways in Power BI Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21403 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| On-Premises Data Gateway | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.4 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RC:C |
3000.246 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21403 | Kian Gorgichuk Kian Gorgichuk |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21217
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows NTLM Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21217 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Spoofing | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Spoofing | 5048695 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Spoofing | 5048653 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21217 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21405
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21405 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21405 | Polar Penguin ycdxsb |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21278
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.2/TemporalScore:5.4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21278 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
| CVE ID | Acknowledgements |
| CVE-2025-21278 | Anonymous SkorikARI VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21329
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 14-Jan-25 Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21329 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4.3 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | |