Request a Demo
Rewterz
Multiple Apache Products Vulnerabilities
January 22, 2025
Rewterz
Multiple IBM Products Vulnerabilities
January 22, 2025

Multiple Microsoft Windows Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-21325 CVSS:7.8

Microsoft Windows Secure Kernel Mode could allow a local authenticated attacker to gain SYSTEM privileges.

CVE-2025-21409 CVSS:8.8

Windows Telephony Service Remote Code Execution Vulnerability.

CVE-2025-21417 CVSS:8.8

Windows Telephony Service Remote Code Execution Vulnerability.

CVE-2025-21311 CVSS:9.8

Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in NTLM V1 component.

CVE-2025-21333 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Hyper-V NT Kernel Integration VSP component.

CVE-2025-21326 CVSS:7.8

Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in Internet Explorer component.

CVE-2025-21218 CVSS:7.5

Windows Kerberos Denial of Service Vulnerability.

CVE-2025-21378 CVSS:7.8

Windows CSC Service Elevation of Privilege Vulnerability.

CVE-2025-21370 CVSS:7.8

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability.

Impact

  • Code Execution
  • Privilege Escalation
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2025-21325

  • CVE-2025-21409

  • CVE-2025-21417

  • CVE-2025-21311

  • CVE-2025-21333

  • CVE-2025-21326

  • CVE-2025-21218

  • CVE-2025-21378

  • CVE-2025-21370

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows Server 2022
  • Microsoft Windows 11 version 22H2 - 10.0.22621.0
  • Microsoft Windows 10 Version 22H2 - 10.0.19045.0
  • Microsoft Windows Server 2025 (Server Core installation) - 10.0.26100.0
  • Microsoft Windows 11 version 22H3 - 10.0.22631.0
  • Microsoft Windows Server 2012 (Server Core installation) - 6.2.9200.0
  • Microsoft Windows Server 2012 R2 - 6.3.9600.0
  • Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.9600.0
  • Microsoft Windows 11 Version 23H2 - 10.0.22631.0
  • Microsoft Windows 11 Version 24H2 - 10.0.26100.0
  • Microsoft Windows Server 2016 - 10.0.14393.0
  • Microsoft Windows Server 2016 (Server Core installation) - 10.0.14393.0
  • Microsoft Windows 10 Version 21H2 - 10.0.19043.0
  • Microsoft Windows Server 2025 (Server Core installation) - N/A
  • Microsoft Windows Server 2025 - 10.0.26100.0
  • Microsoft Windows 10 Version 1507 - 10.0.10240.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-21325

CVE-2025-21409

CVE-2025-21417

CVE-2025-21311

CVE-2025-21333

CVE-2025-21326

CVE-2025-21218

CVE-2025-21378

CVE-2025-21370