Multiple WordPress Plugins Vulnerabilities
May 8, 2025Cyber Threat Alert: Immediate Action Required on Existing APT Threat Indicators – Active IOCs
May 8, 2025Multiple WordPress Plugins Vulnerabilities
May 8, 2025Cyber Threat Alert: Immediate Action Required on Existing APT Threat Indicators – Active IOCs
May 8, 2025Severity
High
Analysis Summary
CVE-2025-27475 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by sensitive data storage in improperly locked memory in Windows Update Stack.
CVE-2025-27744 CVSS:7.8
Microsoft Office could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-27475
CVE-2025-27744
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows 11 version 22H2 - 10.0.22621.0
- Microsoft Windows 11 version 22H3 - 10.0.22631.0
- Microsoft Windows 11 Version 23H2 - 10.0.22631.0
- Microsoft Windows 11 Version 24H2 - 10.0.26100.0
- Microsoft Office 2016 - 16.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.