

Severity
High
Analysis Summary
CVE-2025-49721 CVSS:7.8
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47984 CVSS:7.5
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
CVE-2025-49732 CVSS:7.8
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49744 CVSS:7
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49742 CVSS:7.8
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
CVE-2025-47999 CVSS:6.8
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVE-2025-48002 CVSS:5.7
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.
CVE-2025-47972 CVSS:8
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.
CVE-2025-47991 CVSS:7.8
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
CVE-2025-49687 CVSS:8.8
Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
Impact
- Denial of Service
- Information Disclosure
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-49721
CVE-2025-47984
CVE-2025-49732
CVE-2025-49744
CVE-2025-49742
CVE-2025-47999
CVE-2025-48002
CVE-2025-47972
CVE-2025-47991
CVE-2025-49687
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 Version 1809 for 32-bit Systems
- Microsoft Windows 10 Version 1809 for x64-based Systems
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2022
- Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server 2022 (Server Core installation)
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Microsoft Windows Server 2012 (Server Core installation)
- Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 (Server Core installation)
- Microsoft Windows Server 2025
- Microsoft Windows 11 Version 24H2 for x64-based Systems
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems
- Microsoft Windows 11 Version 23H2 for x64-based Systems
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems
- Microsoft Windows Server 2025 (Server Core installation)
- Microsoft Windows 10 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for x64-based Systems
- Microsoft Windows 10 Version 22H2 for 32-bit Systems
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for 32-bit Systems
- Microsoft Windows Server 2022 23H2 Edition (Server Core installation)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.