FormBook Malware – Active IOCs
April 10, 2025
Rhadamanthys Stealer – Active IOCs
April 10, 2025
Severity
High
Analysis Summary
CVE-2025-24062 CVSS:7.8
Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-29811 CVSS:7.8
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
CVE-2025-29819 CVSS:6.2
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
CVE-2025-29812 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by an untrusted pointer dereference in DirectX Graphics Kernel. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
CVE-2025-29810 CVSS:7.5
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
CVE-2025-29809 CVSS:7.1
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
CVE-2025-29808 CVSS:5.5
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2025-27739 CVSS:7.8
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-27738 CVSS:6.5
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
CVE-2025-27737 CVSS:8.6
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-27736 CVSS:5.5
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.
CVE-2025-27735 CVSS:6.0
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
CVE-2025-27733 CVSS:7.8
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
CVE-2025-27732 CVSS:7
Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-27730 CVSS:7.8
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-27731 CVSS:7.8
Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.
CVE-2025-27729 CVSS:7.8
Use after free in Windows Shell allows an unauthorized attacker to execute code locally.
CVE-2025-27728 CVSS:7.8
Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2025-27490 CVSS:7.8
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-27727 CVSS:7.8
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
Impact
- Code Execution
- Security Bypass
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-24062
- CVE-2025-29811
- CVE-2025-29819
- CVE-2025-29812
- CVE-2025-29810
- CVE-2025-29809
- CVE-2025-29808
- CVE-2025-27739
- CVE-2025-27738
- CVE-2025-27737
- CVE-2025-27736
- CVE-2025-27735
- CVE-2025-27733
- CVE-2025-27732
- CVE-2025-27730
- CVE-2025-27731
- CVE-2025-27729
- CVE-2025-27728
- CVE-2025-27490
- CVE-2025-27727
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows Server 2022
- Microsoft Windows 10 Version 1507 - 10.0.0
- Microsoft Windows 10 Version 1809 - 10.0.17763.0
- Microsoft Windows Server 2019 - 10.0.17763.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.17763.0
- Microsoft Windows Server 2022 - 10.0.20348.0
- Microsoft Windows 11 version 22H2 - 10.0.22621.0
- Microsoft Windows 10 Version 22H2 - 10.0.19045.0
- Microsoft Windows Server 2025 (Server Core installation) - 10.0.26100.0
- Microsoft Windows 11 version 22H3 - 10.0.22631.0
- Microsoft Windows Server 2012 (Server Core installation) - 6.2.9200.0
- Microsoft Windows Server 2012 R2 - 6.3.9600.0
- Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.9600.0
- Microsoft Windows 11 Version 23H2 - 10.0.22631.0
- Microsoft Windows Server 2012 - 6.2.9200.0
- Microsoft Windows 11 Version 24H2 - 10.0.26100.0
- Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) - 6.0.6003.0
- Microsoft Windows Server 2016 - 10.0.14393.0
- Microsoft Windows Server 2016 (Server Core installation) - 10.0.14393.0
- Microsoft Windows 10 Version 21H2 - 10.0.19043.0
- Microsoft Windows Server 2025 - 10.0.26100.0
- Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) - 6.1.7601.0
- Microsoft Windows 10 Version 1607 - 10.0.14393.0
- Microsoft Windows Server 2008 R2 Service Pack 1 - 6.1.7601.0
- Microsoft Windows Admin Center in Azure Portal - 1.0
- Microsoft Windows Admin Center - 1809.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or consult the Microsoft Security Update Guide to search for the available patches for each CVE listed above.