

Multiple WordPress Plugins Vulnerabilities
February 3, 2025
Multiple Fortinet Products Vulnerabilities
February 3, 2025
Severity
High
Analysis Summary
CVE-2024-49105 CVSS:8.4
Microsoft Windows Remote Desktop Client could allow a remote attacker to execute arbitrary code on the system, caused by improper access control in the Remote Desktop Client component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2025-21372 CVSS:7.8
Microsoft Brokering File System could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free error.
CVE-2025-21399 CVSS:7.4
Microsoft Edge (Chromium-based) could allow a local attacker to gain SYSTEM privileges.
CVE-2025-21231 CVSS:7.5
Microsoft IP Helper is vulnerable to a denial of service, which an attacker could cause by sending a specially crafted string of data over the network.
CVE-2025-21187 CVSS:7.8
Microsoft Power Automate could allow a remote attacker to execute arbitrary code on the system when opening a specially crafted file.
CVE-2025-21220 CVSS:7.5
Microsoft Message Queuing could allow a remote attacker to read small portions of heap memory.
CVE-2025-21405 CVSS:7.3
Microsoft Visual Studio could allow a local authenticated attacker to gain SYSTEM privileges when using a specially crafted application.
Impact
- Code Execution
- Privilege Escalation
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-49105
- CVE-2025-21372
- CVE-2025-21399
- CVE-2025-21231
- CVE-2025-21187
- CVE-2025-21220
- CVE-2025-21405
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows Server 2022
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft Windows Server 2019 - 10.0.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
- Microsoft Power Automate for Desktop - 1.0.0.0
- Microsoft Remote Desktop client for Windows Desktop - 1.2.0.0
- Microsoft Windows 10 Version 22H2 - 10.0.19045.0
- Microsoft Windows Server 2025 (Server Core installation) - 10.0.26100.0
- Microsoft Windows 11 version 22H3 - 10.0.22631.0
- Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.9600.0
- Microsoft Windows 11 Version 23H2 - 10.0.22631.0
- Microsoft Windows 11 Version 24H2 - 10.0.26100.0
- Microsoft Windows Server 2025 - 10.0.26100.0
- Microsoft Edge Update Setup - 1.0.0.0
- Microsoft Visual Studio 2022 version 17.12 - 17.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or use the Microsoft Security Update Guide to search for available patches.