Severity
High
Analysis Summary
CVE-2025-24053 CVSS:7.2
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVE-2025-24076 CVSS:7.3
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
CVE-2025-24072 CVSS:7.8
Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.
CVE-2025-24998 CVSS:7.3
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-26630 CVSS:7.8
Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.
CVE-2025-25003 CVSS:7.3
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-24989 CVSS:8.2
Microsoft Power Pages could allow a remote attacker to gain elevated privileges on the system, caused by improper access control.
CVE-2025-21355 CVSS:8.6
Microsoft Bing could allow a remote attacker to execute arbitrary code on the system, caused by improper authentication validation.
Impact
- Privilege Escalation
- Code Execution
Indicators of Compromise
CVE
CVE-2025-24053
CVE-2025-24076
CVE-2025-24072
CVE-2025-24998
CVE-2025-26630
CVE-2025-25003
CVE-2025-24989
CVE-2025-21355
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows Server 2022
- Microsoft Windows Server 2022 - 10.0.20348.0
- Microsoft Windows Server 2025 (Server Core installation) - 10.0.26100.0
- Microsoft Windows 11 version 22H3 - 10.0.22631.0
- Microsoft Windows 11 Version 23H2 - 10.0.22631.0
- Microsoft Windows Server 2008 Service Pack 2 - 6.0.6003.0
- Microsoft Windows Server 2008 R2 Service Pack 1 - 6.1.7601.0
- Microsoft Dataverse
- Microsoft Power Pages
- Microsoft Bing
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.