Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-49678 CVSS:7

Null pointer dereference in Microsoft Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2025-48817 CVSS:8.8

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2025-48814 CVSS:7.5

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-33054 CVSS:8.1

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-47986 CVSS:8.8

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

CVE-2025-49714 CVSS:7.8

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.

CVE-2025-49739 CVSS:8.8

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-49727 CVSS:7

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2025-49733 CVSS:7.8

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Impact

Privilege Escalation
Security Bypass
Code Execution

Indicators of Compromise

CVE

CVE-2025-49678
CVE-2025-48817
CVE-2025-48814
CVE-2025-33054
CVE-2025-47986
CVE-2025-49714
CVE-2025-49739
CVE-2025-49727
CVE-2025-49733

Affected Vendors

Microsoft

Affected Products

Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2022
Microsoft Visual Studio 2015 Update 3
Microsoft Windows Server 2019 (Server Core installation)
Microsoft Windows Server 2022 (Server Core installation)
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft Windows Server 2012 (Server Core installation)
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.10
Microsoft Windows Server 2025
Microsoft Windows 11 Version 24H2 for x64-based Systems
Microsoft Windows 11 Version 24H2 for ARM64-based Systems
Microsoft Windows 11 Version 23H2 for x64-based Systems
Microsoft Windows 11 Version 23H2 for ARM64-based Systems
Microsoft Windows Server 2025 (Server Core installation)
Microsoft Windows 10 Version 22H2 for x64-based Systems
Microsoft Windows 11 Version 22H2 for x64-based Systems
Microsoft Windows 11 Version 22H2 for ARM64-based Systems
Microsoft Windows 10 Version 21H2 for x64-based Systems
Microsoft Windows 10 Version 22H2 for 32-bit Systems
Microsoft Windows 10 Version 22H2 for ARM64-based Systems
Microsoft Windows 10 Version 21H2 for ARM64-based Systems
Microsoft Windows 10 Version 21H2 for 32-bit Systems
Microsoft Windows App Client for Windows Desktop - 1.00
Microsoft visual studio 2022 version 17.12
Microsoft Windows Server 2022 23H2 Edition (Server Core installation)
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Python extension for Visual Studio Code
Microsoft Remote Desktop client for Windows Desktop
Microsoft Windows App Client for Windows Desktop
Microsoft Visual Studio 2022 version 17.14