Severity
Medium
Analysis Summary
CVE-2025-32710 CVSS:8.1
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-32714 CVSS:7.8
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.
Impact
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-32710
CVE-2025-32714
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Windows Server 2019
- Windows Server 2022
- Microsoft Windows Server 2025
- Windows 10 (all supported versions)
- Windows 11 (all supported versions)
- Windows 8.1 (if still in extended support)
- Windows 7 (ESU customers only- if applicable)
- Windows Server 2012 / 2012 R2
Remediation
Update to apply the appropriate patch for your system, or use the Microsoft Security Update Guide to search for available patches.