Critical Request Smuggling Flaw Found in Apache Traffic Server
April 4, 2025Chinese Hackers Exploit Ivanti VPN Vulnerability to Deploy Malware – Active IOCs
April 4, 2025Critical Request Smuggling Flaw Found in Apache Traffic Server
April 4, 2025Chinese Hackers Exploit Ivanti VPN Vulnerability to Deploy Malware – Active IOCs
April 4, 2025Severity
High
Analysis Summary
CVE-2025-24070 CVSS:7
Microsoft ASP.NET Core and Visual Studio could allow a remote attacker to gain elevated privileges on the system, caused by weak authentication.
CVE-2025-24043 CVSS:7.5
Microsoft WinDbg could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper verification of cryptographic signature in .NET.
CVE-2025-24057 CVSS:7.8
Microsoft Office allow a local attacker to execute arbitrary code on the system, caused by heap-based buffer overflow.
CVE-2025-24044 CVSS:7.8
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an use-after-free in Windows Win32 Kernel Subsystem.
Impact
- Privilege Escalation
- Code Execution
Indicators of Compromise
CVE
CVE-2025-24070
CVE-2025-24043
CVE-2025-24057
CVE-2025-24044
Affected Vendors
- Microsoft
Affected Products
- Microsoft Office LTSC 2021 - 16.0.1
- Microsoft Visual Studio 2022 version 17.10 - 17.10
- Microsoft Visual Studio 2022 version 17.8 - 17.8.0
- Microsoft Office LTSC for Mac 2021 - 16.0.1
- Microsoft Office LTSC for Mac 2024 - 1.0.0
- Microsoft Office LTSC 2024 - 1.0.0
- Microsoft Windows 11 Version 24H2 - 10.0.26100.0
- Microsoft Windows Server 2025 - 10.0.26100.0
- Microsoft Windows 10 Version 1507 - 10.0.10240.0
- Microsoft Visual Studio 2022 version 17.12 - 17.0
- Microsoft ASP.NET Core 8.0 - 1.0.0
- Microsoft ASP.NET Core 9.0 - 1.0.0
- Microsoft WinDbg - 1.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.