
Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-49105 CVSS:8.4

Microsoft Windows Remote Desktop Client could allow a remote attacker to execute arbitrary code on the system, caused by improper access control in the Remote Desktop Client component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2025-21372 CVSS:7.8

Microsoft Brokering File System could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free error.

CVE-2025-21399 CVSS:7.4

Microsoft Edge (Chromium-based) could allow a local attacker to gain SYSTEM privileges.

CVE-2025-21231 CVSS:7.5

Microsoft IP Helper is vulnerable to a denial of service when a specially crafted string of data is sent over the network.

CVE-2025-21187 CVSS:7.8

Microsoft Power Automate could allow a remote attacker to execute arbitrary code on the system when opening a specially crafted file.

CVE-2025-21220 CVSS:7.5

Microsoft Message Queuing could allow a remote attacker to read small portions of heap memory.

CVE-2025-21405 CVSS:7.3

Microsoft Visual Studio could allow a local authenticated attacker to gain SYSTEM privileges when using a specially crafted application.

Impact

  • Code Execution
  • Privilege Escalation
  • Denial of Service
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-49105
  • CVE-2025-21372
  • CVE-2025-21399
  • CVE-2025-21231
  • CVE-2025-21187
  • CVE-2025-21220
  • CVE-2025-21405

Affected Vendors

  • Microsoft

Affected Products

  • Microsoft Windows Server 2022
  • Microsoft Windows 10 Version 1809 - 10.0.0
  • Microsoft Windows Server 2019 - 10.0.0
  • Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
  • Microsoft Power Automate for Desktop - 1.0.0.0
  • Microsoft Remote Desktop client for Windows Desktop - 1.2.0.0
  • Microsoft Windows 10 Version 22H2 - 10.0.19045.0
  • Microsoft Windows Server 2025 (Server Core installation) - 10.0.26100.0
  • Microsoft Windows 11 version 22H3 - 10.0.22631.0
  • Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.9600.0
  • Microsoft Windows 11 Version 23H2 - 10.0.22631.0
  • Microsoft Windows 11 Version 24H2 - 10.0.26100.0
  • Microsoft Windows Server 2025 - 10.0.26100.0
  • Microsoft Edge Update Setup - 1.0.0.0
  • Microsoft Visual Studio 2022 version 17.12 - 17.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

  • CVE-2024-49105
  • CVE-2025-21372
  • CVE-2025-21399
  • CVE-2025-21231
  • CVE-2025-21187
  • CVE-2025-21220
  • CVE-2025-21405