Request a Demo
Rewterz
Gafgyt aka Bashlite Malware – Active IOCs
April 17, 2025
Rewterz
ICS: Multiple Hitachi Vantara Pentaho Vulnerabilities
April 17, 2025

Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-27470 CVSS:7.5

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-26688 CVSS:7.8

Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.

CVE-2025-26686 CVSS:7.5

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2025-26687 CVSS:7.5

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-26680 CVSS:7.5

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-26681 CVSS:6.7

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2025-26668 CVSS:7.5

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-26667 CVSS:6.5

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26669 CVSS:8.6

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26666 CVSS:7.8

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.

CVE-2025-26665 CVSS:7

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

CVE-2025-26664 CVSS:6.5

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26663 CVSS:8.1

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.

CVE-2025-29796 CVSS:4.7

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-29815 CVSS:7.6

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.

CVE-2025-25001 CVSS:4.3

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-25000 CVSS:8.8

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2025-21384 CVSS:8.3

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

CVE-2025-29795 CVSS:7.8

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

Impact

  • Denial of Service
  • Gain Access
  • Code Execution
  • Buffer Overflow
  • Privilege Escalation
  • Cross-Site Scripting
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-27470
  • CVE-2025-26688
  • CVE-2025-26686
  • CVE-2025-26687
  • CVE-2025-26680
  • CVE-2025-26681
  • CVE-2025-26668
  • CVE-2025-26667
  • CVE-2025-26669
  • CVE-2025-26666
  • CVE-2025-26665
  • CVE-2025-26664
  • CVE-2025-26663
  • CVE-2025-29796
  • CVE-2025-29815
  • CVE-2025-25001
  • CVE-2025-25000
  • CVE-2025-21384
  • CVE-2025-29795

Affected Vendors

  • Microsoft

Affected Products

  • Microsoft Azure Health Bot
  • Microsoft Windows 10 Version 1809 - 10.0.17763.0
  • Microsoft Windows Server 2019 - 10.0.17763.0
  • Microsoft Windows Server 2019 (Server Core installation) - 10.0.17763.0
  • Microsoft Windows Server 2022 - 10.0.20348.0
  • Microsoft Windows 11 version 22H2 - 10.0.22621.0
  • Microsoft Windows 10 Version 22H2 - 10.0.19045.0
  • Microsoft Windows Server 2025 (Server Core installation) - 10.0.26100.0
  • Microsoft Windows 11 version 22H3 - 10.0.22631.0
  • Microsoft Windows Server 2012 (Server Core installation) - 6.2.9200.0
  • Microsoft Windows Server 2012 R2 - 6.3.9600.0
  • Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.9600.0
  • Microsoft Windows 11 Version 23H2 - 10.0.22631.0
  • Microsoft Windows Server 2012 - 6.2.9200.0
  • Microsoft Windows 11 Version 24H2 - 10.0.26100.0
  • Microsoft Windows Server 2016 - 10.0.14393.0
  • Microsoft Windows Server 2016 (Server Core installation) - 10.0.14393.0
  • Microsoft Windows 10 Version 21H2 - 10.0.19043.0
  • Microsoft Windows Server 2025 - 10.0.26100.0
  • Microsoft Windows 10 Version 1607 - 10.0.14393.0
  • Microsoft Edge Update Setup - 1.0.0.0
  • Microsoft Edge for iOS - 1.0.0.0
  • Microsoft Windows 10 Version 1507

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-27470

CVE-2025-26688

CVE-2025-26686

CVE-2025-26687

CVE-2025-26680

CVE-2025-26681

CVE-2025-26668

CVE-2025-26667

CVE-2025-26669

CVE-2025-26666

CVE-2025-26665

CVE-2025-26664

CVE-2025-26663

CVE-2025-29796

CVE-2025-29815

CVE-2025-25001

CVE-2025-25000

CVE-2025-21384

CVE-2025-29795