July 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple SolarWinds SWOSH Vulnerabilities
June 12, 2025
Multiple Mozilla Products Vulnerabilities
June 12, 2025
Multiple SolarWinds SWOSH Vulnerabilities
June 12, 2025
Multiple Mozilla Products Vulnerabilities
June 12, 2025
Severity
Medium
Analysis Summary
CVE-2025-29828 CVSS:8.1
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
CVE-2025-24069 CVSS:5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-24068 CVSS:5.5
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-24065 CVSS:5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-47165 CVSS:7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-33073 CVSS:8.8
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
CVE-2025-33070 CVSS:8.1
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-33069 CVSS:5.1
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-33068 CVSS:7.5
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-33057 CVSS:6.5
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
Impact
- Denial of Service
- Code Execution
- Security Bypass
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-29828
- CVE-2025-24069
- CVE-2025-24068
- CVE-2025-24065
- CVE-2025-47165
- CVE-2025-33073
- CVE-2025-33070
- CVE-2025-33069
- CVE-2025-33068
- CVE-2025-33057
Affected Vendors
- Microsoft
Affected Products
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Office 2019 for 32-bit editions
- Microsoft Office 2019 for 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit editions
- Microsoft Office LTSC 2021 for 64-bit editions
- Microsoft Office LTSC 2024 for 64-bit editions
- Microsoft Windows Server 2012 - 6.2.9200.0 - 6.2.9200.25522
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems 10.0.22631.5472
- Microsoft Windows Server 2025 (Server Core installation) 10.0.26100.4349
- Microsoft Windows Server 2025 (Server Core installation) 10.0.26100.4270
- Microsoft Windows 10 Version 22H2 for 32-bit Systems 10.0.19045.5965
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems 10.0.19045.5965
- Microsoft Windows 10 Version 22H2 for x64-based Systems 10.0.19045.5965
- Microsoft Windows 11 Version 22H2 for x64-based Systems 10.0.22621.5472
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems 10.0.22621.5472
- Microsoft Windows 10 Version 21H2 for x64-based Systems 10.0.19044.5965
- Microsoft Windows Server 2012 R2 (Server Core installation) 6.3.9600.22620
- Microsoft Windows Server 2012 (Server Core installation) 6.2.9200.25522
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 6.1.7601.27769
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 6.0.6003.23351
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 6.0.6003.23351
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 6.0.6003.23351
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 6.0.6003.23351
- Microsoft Windows Server 2016 (Server Core installation) 10.0.14393.8148
- Microsoft Windows Server 2016 10.0.14393.8148
- Microsoft Windows 10 Version 1607 for x64-based Systems 10.0.14393.8148
- Microsoft Windows 10 Version 1607 for 32-bit Systems 10.0.14393.8148
- Microsoft Windows 10 for x64-based Systems 10.0.10240.21034
- Microsoft Windows 10 for 32-bit Systems 10.0.10240.21034
- Microsoft Windows Server 2025 10.0.26100.4349
- Microsoft Windows Server 2025 10.0.26100.4270
- Microsoft Windows 11 Version 24H2 for x64-based Systems 10.0.26100.4349
- Microsoft Windows 11 Version 24H2 for x64-based Systems 10.0.26100.4270
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems 10.0.26100.4349
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems 10.0.26100.4270
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems 10.0.19044.5965
- Microsoft Windows 10 Version 21H2 for 32-bit Systems 10.0.19044.5965
- Microsoft Windows Server 2022 (Server Core installation) 10.0.20348.3807
- Microsoft Windows Server 2022 (Server Core installation) 10.0.20348.3745
- Microsoft Windows Server 2022 10.0.20348.3807
- Microsoft Windows Server 2022 10.0.20348.3745
- Microsoft Windows Server 2019 (Server Core installation) 10.0.17763.7434
- Microsoft Windows Server 2019 10.0.17763.7434
- Microsoft Windows 10 Version 1809 for x64-based Systems 10.0.17763.7434
- Microsoft Windows 10 Version 1809 for 32-bit Systems 10.0.17763.7434
- Microsoft Excel 2016 (64-bit edition) 16.0.5504.1000
- Microsoft Excel 2016 (32-bit edition) 16.0.5504.1000
- Microsoft Office LTSC for Mac 2024 16.98.25060824
- Microsoft Office LTSC 2024 for 32-bit editions
- Microsoft Office LTSC for Mac 2021 16.98.25060824
- Microsoft Office Online Server 16.0.10417.20018
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.